Written in Python by Miroslav Stampar, sqlmap is probably the best automated tool to detect and exploit SQL injection.
Sqlmap fully supports many databases, such as MySQL, Microsoft SQL Server, PostgreSQL, Oracle (and many more), and is able to detect the following injection types: boolean-based blind, error-based, UNION-based, stacked queries, time-based blind and inline queries. Depending on the target's status, sqlmap is also able to:
- open an interactive SQL shell
- download/upload files
- open a web shell
- crack hashed passwords using a dictionary attack
- and a lot more…
Below are some examples of the main functions, using bWAPP.
In this example sqlmap has detected that the GET parameter title of the search function is vulnerable to SQL injection.
Well done! It also found that 4 different types of injection can be used for exploitation.
Note that sqlmap has also detected that the parameter is vulnerable to XSS attacks, which is unfortunately very common these days…
To test a POST field, you should write:
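To show why a search parameter like title gets flagged and how the fix behaves, here is an added example (not from the original post and not bWAPP's code) with a string-built search query next to its parameterized form, plus a small regression check. The movies table, its rows and all function names are assumptions made for the illustration, and SQLite stands in for the real database.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory table (sample data, not bWAPP's)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE movies (title TEXT, secret INTEGER)")
    db.executemany("INSERT INTO movies VALUES (?, ?)",
                   [("Iron Man", 0), ("Man of Steel", 0), ("Internal Draft", 1)])
    return db

def search_vulnerable(db, title):
    # 'Before' form: the request parameter is concatenated into the SQL text,
    # so quote characters in it change the structure of the query.
    sql = ("SELECT title FROM movies WHERE secret = 0 AND title LIKE '%"
           + title + "%' ORDER BY title")
    return [row[0] for row in db.execute(sql)]

def search_hardened(db, title):
    # Hardened form: the SQL text is constant and the value is bound as data.
    # LIKE wildcards in the input are escaped so they only match literally.
    escaped = title.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = ("SELECT title FROM movies WHERE secret = 0 "
           "AND title LIKE ? ESCAPE '\\' ORDER BY title")
    return [row[0] for row in db.execute(sql, ("%" + escaped + "%",))]

def injection_regressions(db, search):
    """Return which probe classes change the behaviour of a search function."""
    findings = []
    baseline = search(db, "zzz-no-such-title")   # expected: no rows
    try:
        # Boolean probe: rows appearing for a non-matching term mean the
        # input was parsed as SQL rather than compared as a value.
        if search(db, "zzz%' OR '1%'='1") != baseline:
            findings.append("boolean")
    except sqlite3.Error:
        findings.append("error")
    try:
        search(db, "'")                          # lone quote: syntax error if spliced
    except sqlite3.Error:
        if "error" not in findings:
            findings.append("error")
    return findings
```

A check like injection_regressions can run in a test suite against every query helper, so a later change that reintroduces string concatenation fails the build.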
In the next example, I’ll turn off the verbose mode.