Sqlmap Introduction
Website address: http://sqlmap.org/
Tool Type: An open source penetration testing tool
Use direction: can automatically detect and exploit SQL injection attacks and the database server
Installation Instructions: http://jingyan.baidu.com/article/cd4c2979 c4456e756e6e60ba.html
Sqlmap supports five different injection modes (all performed by default, but can also be specified)
1, based on the Boolean blind, that can be based on the return page to determine the conditions of true and false injection.
2, the time-based blind, that can not be based on the page return content to determine any information, using conditional statements to see if the time Delay statement execution (that is, the page return time is increased) to determine.
3, based on the injection of error, that is, the page will return errors, or the results of injected statements directly back to the page.
4, joint query injection, you can use the union of the case of injection.
5, heap query injection, you can execute the execution of multiple statements at the same time injection.
Sqlmap supported Databases
MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, and SAP MaxDB
Basic instruction Introduction
Use demonstration
Security Test Tool-sqlmap