Using “sqlmap”

author: Nathan Acks
date: 2022-01-30

Used to automate SQLi attacks (and apparently banned on the OSCP because it makes things too easy).

Useful flags:

For example:

sqlmap -u http://example.com/test.php?input=foo \
       --dump-all

Or:

sqlmap -u http://example.com/test.php \
       --data input=foo --dump-all

One handy way to seed a URL is using requests harvested with Burp Suite.