# SQL Injection

## **SQLMap**

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

* <https://sqlmap.org/>

The following command will take a target HTTP request saved to a file called `HTTPREQUEST` and perform SQL injection on it. It will proxy all connections through to  `127.0.0.1:8081,` which could be BurpSuite to monitor or manipulate the attack. It then sets the user agent to present itself as a browser to avoid blacklisting.

This command will try to SQL inject any parameters where you place a \* in the HTTP request. This should be in any GET/POST/ parameters you see fit.&#x20;

`python sqlmap.py -r HTTPREQUEST --proxy https://127.0.0.1:8081 --force-ssl --user-agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.65 Safari/537.36`&#x20;

## **noSQLMap**

noSQLMap is an automated NoSQL database enumeration and web application exploitation tool.

* <https://github.com/codingo/NoSQLMap>

The following command will take a target HTTP request saved to a file called `HTTPREQUEST` and perform noSQL injection on it. The parameters to inject are specified by the **-data** value.&#x20;

`nosqli.exe scan -r HTTPREQUEST -data username`