SQL Hacking How to use SQLMap…


Scenario

Let’s say that you are auditing a web application and have found a web page that accepts dynamic user-provided values in GET or POST parameters, HTTP Cookie values, or the HTTP User-Agent header value. You now want to test whether these are affected by a SQL injection vulnerability and, if so, exploit them to retrieve as much information as possible from the web application’s back-end database management system, or even to access the underlying operating system.

Consider that the target URL is:

http://192.168.1.121/sqlmap/mysql/get_int.php?id=1

Assume that:

http://192.168.1.121/sqlmap/mysql/get_int.php?id=1+AND+1=1

is the same page as the original one and:

http://192.168.1.121/sqlmap/mysql/get_int.php?id=1+AND+1=2

differs from the original one. This means that you are facing a SQL injection vulnerability in the id GET parameter of the index.php web application page, which in turn means that no IDS/IPS, no web application firewall and no sanitization of parameter values is in place on the server side.
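The comparison described above can be reproduced offline. The following is an added example, not code from sqlmap or from the original page: it assumes a hypothetical page handler, uses an in-memory SQLite table with constructed rows in place of the MySQL back end, and shows why the three requests behave as described when the id value is concatenated into the query, and why the signal disappears once the value is validated and bound as a parameter.

```python
import sqlite3

def make_db():
    # Constructed sample table standing in for the application's back end.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "luther"), (2, "fluffy")])
    return db

def render(rows):
    # Minimal stand-in for the HTML the page would return.
    if not rows:
        return "<p>no such user</p>"
    return "<ul>" + "".join(f"<li>{name}</li>" for (name,) in rows) + "</ul>"

def page_vulnerable(db, id_param):
    # Hypothetical handler: the raw id value becomes part of the SQL text,
    # so "1 AND 1=2" changes the WHERE clause itself.
    sql = "SELECT name FROM users WHERE id = " + id_param
    return render(db.execute(sql).fetchall())

def page_parameterized(db, id_param):
    # Hardened handler: accept ASCII digits only, then bind the value so it
    # can never be parsed as SQL.
    if not (id_param.isascii() and id_param.isdigit()):
        return render([])
    rows = db.execute("SELECT name FROM users WHERE id = ?",
                      (int(id_param),)).fetchall()
    return render(rows)

def boolean_test(handler):
    # The page's check: "AND 1=1" must match the original response and
    # "AND 1=2" must differ. The "+" in the URLs decodes to a space.
    db = make_db()
    original = handler(db, "1")
    true_page = handler(db, "1 AND 1=1")
    false_page = handler(db, "1 AND 1=2")
    return true_page == original and false_page != original

if __name__ == "__main__":
    print("concatenated query shows the signal:", boolean_test(page_vulnerable))
    print("bound parameter shows the signal:   ", boolean_test(page_parameterized))
```

With the hardened handler both modified requests return the same "no such user" page, so the true/false difference that indicates injection is gone.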

Reference: http://sqlmap.sourceforge.net/doc/README.html
