The sqlmap tool is an open source tool, written in Python, that detects and exploits SQL injection vulnerabilities. It has full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM Db2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB, and Informix databases. In this recipe, we will cover how to use sqlmap to test for and exploit SQL injection.
Injection attacks with sqlmap
How to do it...
The following are the steps to use sqlmap:
- We first look at sqlmap's help output to get a better understanding of its features. This can be done using the following command:
sqlmap -h
The following screenshot shows the output for the preceding command:
- To scan a URL, we use the following...