Tribe 54 Group

For a POST request, the parameters are located in the body of the HTTP request, so additional steps are required before sqlmap is able to detect and test those parameters for vulnerability.

Run sqlmap on Windows with a sqlmap GUI

Description: Learn how to use sqlmap in-depth for professional engagements like pentests or bug bounties. sqlmap is the most powerful and widely used SQL injection tool, and for good reason. It packs an impressive array of features and options specifically crafted to fingerprint, enumerate, and takeover databases as well as underlying systems. In this course, we take a look at all of that. We start by looking at the sqlmap project, including how the source code repository is structured, where to find important files such as configuration and payload files, and how to set up a home lab environment to safely and legally practice what we're learning. Then, we explore every single option that sqlmap offers with examples and explanations of how and when to use the option(s). We learn tips & tricks to see what sqlmap is doing under the hood and to troubleshoot when we come across issues. Once we've covered sqlmap's options and features, we tie it all together by running through scenarios. This is when we get to see how those options can be used together or on their own to achieve our pentest or bug bounty objectives. The course also includes sections dedicated to specific topics such as bypassing WAFs and evading security controls, and how to run sqlmap as an API.

sqlmap is a popular tool for performing SQL injection attacks against sites with injectable parameters, whether the injection is error-based or blind; it is the most widely used tool there is for SQL injection. But few people know that sqlmap also provides an API for its service, written in Python, which can be used to develop a front end for the same sqlmap that is otherwise driven from the command line.

Conclusion: A web-based GUI for sqlmap is definitely a plus over the traditional command-line sqlmap for many reasons, one of them being ease of access. There is no need to remember such long commands. Drag, drop and done!

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the experienced penetration tester and a broad range of switches ranging from database fingerprinting, through fetching data from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

The target URL after the -u option includes a parameter vulnerable to SQLi (vulnparam). sqlmap will run a series of tests and detect it very quickly. You can also explicitly tell sqlmap to test only specific parameters with the -p option. This is useful when the query contains several parameters and you don't want sqlmap to test everything. You can use the --data option to pass any POST parameters.

Sometimes sqlmap cannot find tricky injection points and some configuration tweaks are needed. In this example, I will use the Damn Vulnerable Web App ( ), a deliberately insecure web application used for educational purposes. It uses PHP and a MySQL database. I also customized the source code to simulate a complex injection point. Here is the source of the PHP file responsible for the Blind SQL Injection exercise, located at /[install_dir]/dvwa/vulnerabilities/sqli_blind/source/low.php:

I'm using a valid User-Agent and an authenticated Session Cookie. I'm also forcing sqlmap to test the "id" parameter with the -p option. Even when I set the level and risk of tests to their maximum, sqlmap is not able to find it:

Well, the first idea is to use the --suffix option with the value "-BR" and set "id=1" in the query. It will force sqlmap to add this value after every query. Let's try it with debug information (-v3 option):

To check what's going on, we can increase the verbosity level or set the --proxy=" :8080" option to point sqlmap at your favorite web proxy. It appears sqlmap does not add a trailing comment when a suffix is passed on the command line. So every query looks like this: id=1' AND 1=0 -BR. Obviously, that is not going to work.

The file located at "sqlmap/xml/payloads.xml" contains all the tests sqlmap will perform. It is an XML file and you can add your own tests to it. As this is a boolean-based blind SQLi instance, I am using the test called "AND boolean-based blind - WHERE or HAVING clause (MySQL comment)" as a template and modifying it. Here is the new test I added to my payloads.xml file:
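From the defender's side, the probe shown above (id=1' AND 1=0 -BR) is what a boolean-based blind test looks like in the web server's access log. The following is an added Python example, not code from the original page, that parses constructed access-log lines (the IPs, paths and log entries are made up for the example), decodes each query-string parameter and flags tautology-style boolean probes as well as the default sqlmap User-Agent string.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines in common/combined format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "GET /dvwa/vulnerabilities/sqli_blind/?id=1%27%20AND%201%3D0%20-BR&Submit=Submit HTTP/1.1" 200 498 "-" "Mozilla/5.0"
10.0.0.5 - - [01/Jan/2024:10:00:03 +0000] "GET /dvwa/vulnerabilities/sqli_blind/?id=1%27%20AND%201%3D1%20-BR&Submit=Submit HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET /search?q=hello%20world HTTP/1.1" 200 300 "-" "sqlmap/1.7"
"""

# Minimal combined-log-format parser: client IP, request target and User-Agent are what we need.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Boolean-based blind probe: a quote or digit, then AND/OR, then a numeric comparison
# such as 1=0 or 1=1 (the true/false pair sqlmap uses to compare page responses).
BOOL_PROBE = re.compile(r"(?i)(?:'|\d)\s*(?:and|or)\s+\d+\s*=\s*\d+")


def find_probes(log_text):
    """Return a list of (ip, param, value, reason) findings for the given log text."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, target, ua = m.group("ip"), m.group("target"), m.group("ua")
        if "sqlmap" in ua.lower():
            findings.append((ip, None, ua, "sqlmap user-agent"))
        # parse_qsl percent-decodes values, so %27 becomes a literal quote.
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if BOOL_PROBE.search(value):
                findings.append((ip, name, value, "boolean-based probe"))
    return findings


def probe_summary(findings):
    """Count boolean probes per (ip, parameter); repeated hits on one parameter are the signal."""
    counts = {}
    for ip, param, _value, reason in findings:
        if reason == "boolean-based probe":
            counts[(ip, param)] = counts.get((ip, param), 0) + 1
    return counts


if __name__ == "__main__":
    hits = find_probes(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print(probe_summary(hits))
```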
