Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Save to My Library
Look up keyword
Like this
1Activity
0 of .
Results for:
No results containing your search query
P. 1
A Complete Pentesting Guide to SQLMAP by Prabhpreet

A Complete Pentesting Guide to SQLMAP by Prabhpreet

Ratings: (0)|Views: 173 |Likes:
Published by Rahul Tyagi
What Is SQL MAP
Commands of SQL MAP
Attacking through SQL MAP
What Is SQL MAP
Commands of SQL MAP
Attacking through SQL MAP

More info:

Published by: Rahul Tyagi on Jun 05, 2013
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

06/05/2013

pdf

text

original

 
 
A Complete PenTesting Guide to SQLMAP
Warning:
The website used for demonstration isalready patched and vulnerability is reported to thewebmaster. We do not support live attacks on any website.Hence please follow your countries law and do not test anylive website without a legal permission from them. Thistutorial is just for education purpose only and we do not held and responsibility on action and trails performed byany individual after reading this paper.
 
What is SQLMAP ?  SQLMAP is an open source penetration testing toolthat automates the process of detecting andexploiting SQL injection flaws and taking over oback-end database servers.It comes with a powerful detection engine, manyniche features for the ultimate penetration tester anda broad range of switches lasting from databasefingerprinting, over data fetching from the database,to accessing the underlying file system and executingcommands on the operating system via out-of-bandconnections.
 
 
FeaturesFull support for
MySQL, Oracle, PostgreSQL,Microsoft SQL Server, Microsoft Access, IBM DB2,SQLite, Firebird, Sybase and SAP MaxDB
databasemanagement systems.Full support for six SQL injection techniques:
boolean-based blind, time-based blind, error-based, UNION query, stacked queries and out-of-band
.
Now the Important part,
Requirements!1.
 
VMware Player2.
 
BackTrack 5 = Download from www.
3.
 
Wifi Connection &4.
 
Vulnerabe SiteNote: Don't Practice on your national websites
 
 How to perform SQL Injection UsingSQLMAP 
Step 1:
Open a search engine(Google)-->Search for "inurl:.php?id="I have taken "http://www.hu.edu.pk/viewfaculty.php?id=6"for the demonstration

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->