Pentest List Wiki

SQL Injection

How to exploit SQL and noSQL Injection.


Last updated 11 months ago

SQLMap

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.

The following command takes a target HTTP request saved to a file called HTTPREQUEST and performs SQL injection against it. It proxies all connections through 127.0.0.1:8081, which could be Burp Suite, so the traffic can be monitored or manipulated. It also sets the user agent so that sqlmap presents itself as a browser, to avoid user-agent blacklisting.

This command will try to SQL inject any parameter where you place a * in the HTTP request. Place the marker in whichever GET/POST parameters you see fit.

python sqlmap.py -r HTTPREQUEST --proxy https://127.0.0.1:8081 --force-ssl --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.65 Safari/537.36"
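Because sqlmap can present whatever user agent it is handed, blocking on the agent string alone misses the probing described above. As an added example (not from the wiki), the following Python decodes the query string of a few constructed access-log lines and flags injection probe patterns regardless of user agent; the log lines, function names and patterns are assumptions.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /item?id=5 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /item?id=5%27%20AND%201%3D1--%20 HTTP/1.1" 200 512 "-" "sqlmap/1.7"
10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /item?id=5%27%20AND%20SLEEP(5)--%20 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/111.0"
10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET /item?id=5%20UNION%20SELECT%20NULL,NULL-- HTTP/1.1" 500 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/111.0"
"""

# Combined log format: ip ident user [time] "method path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d+) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Probe shapes typical of automated boolean, time-based and union testing.
SQLI_RE = re.compile(
    r"'.{0,5}\b(and|or)\b.{0,20}=|\bsleep\s*\(|\bunion\b.{0,10}\bselect\b",
    re.IGNORECASE,
)

def parse_line(line):
    """Return the log fields as a dict, or None if the line does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def flag_by_user_agent(lines):
    """Weak check: only catches requests that still announce sqlmap's default UA."""
    return [r["ip"] for r in map(parse_line, lines) if r and "sqlmap" in r["ua"].lower()]

def flag_by_payload(lines):
    """Decode the request path and match probe patterns, ignoring the UA entirely."""
    hits = []
    for line in lines:
        r = parse_line(line)
        if not r:
            continue
        decoded = unquote_plus(r["path"])
        if SQLI_RE.search(decoded):
            hits.append((r["ip"], decoded))
    return hits

if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("UA-only hits:", flag_by_user_agent(lines))      # one hit
    print("Payload hits:", flag_by_payload(lines))         # three hits
```

The UA check flags only the request that still carries the default agent string, while the payload check catches the two spoofed requests as well.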

noSQLMap

noSQLMap is an automated NoSQL database enumeration and web application exploitation tool.

The following command will take a target HTTP request saved to a file called HTTPREQUEST and perform noSQL injection on it. The parameters to inject are specified by the -data value.

nosqli.exe scan -r HTTPREQUEST -data username

https://sqlmap.org/
https://github.com/codingo/NoSQLMap