How to look for SQLi with a practical SQLmap guide

Thexssrat
5 min readDec 20, 2023

SQLMap is a powerful open-source penetration testing tool that automates the process of detecting and exploiting SQL injection vulnerabilities in a web application’s database. Here we will guide you through the process.

Before we begin, please note that it’s important to use such tools responsibly and only on systems that you have explicit permission to test. And for that reason we will use the labs set up at www.vulnweb.com, these are free and legally safe to test with full permission, we will use the testphp lab for this demo, as seen below, we will get to that later.

But first let’s find out about sqlmap, the below is a quote from sqlMap

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

If you are like some & use kali sqlmap is already installed, but if not it can be installed from the repository on github

--

--

Thexssrat
Thexssrat

Written by Thexssrat

No b*llshit Hacking tutorials with extreme value in short bursts