sqlmap
Detect and exploit SQL injection flaws. More information: https://sqlmap.org.
-
Run sqlmap against a single target URL:
python sqlmap.py -u "{{http://www.target.com/vuln.php?id=1}}"
-
Send data in a POST request (--data implies POST request):
python sqlmap.py -u "{{http://www.target.com/vuln.php}}" --data="{{id=1}}"
-
Change the parameter delimiter (& is the default):
python sqlmap.py -u "{{http://www.target.com/vuln.php}}" --data="{{query=foobar;id=1}}" --param-del="{{;}}"
-
Select a random User-Agent from ./txt/user-agents.txt and use it:
python sqlmap.py -u "{{http://www.target.com/vuln.php}}" --random-agent
-
Provide user credentials for HTTP protocol authentication:
python sqlmap.py -u "{{http://www.target.com/vuln.php}}" --auth-type {{Basic}} --auth-cred "{{testuser:testpass}}"
License and Disclaimer
The content on this page is copyright © 2014—present the tldr-pages team and contributors. This page is used with permission under Creative Commons Attribution 4.0 International License.
While we do attempt to make sure content is accurate, there isn't a warranty of any kind.