Introduction to SQLMap
In the demonstrations that follow, I use an open-source test bed made by Audi-1, which can be downloaded from GitHub at https://github.com/Audi-1/sqli-labs. The test bed runs on Ubuntu with a LAMP stack. For the sake of demonstration, assume the following IP configuration:
Attacker's IP: 192.168.50.3
Test-bed IP: 192.168.50.2
Let me first demonstrate the first test bed: it takes a GET parameter named id and displays the username and password values for that ID. Let us see the following screenshot:
For 192.168.50.2/Less-1/?id=1 it displayed the value for the first user.
Similarly, if we increment the id parameter we see different username/password pairs, for example with id=2, which can be seen in the following screenshot:
The most benign check for SQL injection is nothing other than adding a quotation mark (') after the suspect parameter. This actually tries to break the application's SQL query by adding a stray string character...
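The effect of that stray quotation mark, shown beside a parameterized query, as an added example that is not part of the original text. It uses Python's sqlite3 with an in-memory table in place of the test bed's MySQL database; the table contents, the query text and the function names are assumptions made for illustration.

```python
import sqlite3

# Constructed sample data; the real test bed uses MySQL and its own rows.
ROWS = [(1, "alice", "pw-one"), (2, "bob", "pw-two")]


def make_db():
    """Build an in-memory users table standing in for the test bed's database."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return db


def lookup_concat(db, user_id):
    """Vulnerable pattern (assumed): the parameter is pasted into the SQL text."""
    sql = "SELECT username, password FROM users WHERE id='" + user_id + "' LIMIT 1"
    try:
        return ("ok", db.execute(sql).fetchone())
    except sqlite3.Error as exc:
        # A database error triggered by user input is what the quote check reveals:
        # the input changed the structure of the statement, not just its data.
        return ("sql-error", str(exc))


def lookup_bound(db, user_id):
    """Hardened pattern: the value is bound, so it can only ever be data."""
    sql = "SELECT username, password FROM users WHERE id = ? LIMIT 1"
    return ("ok", db.execute(sql, (user_id,)).fetchone())


if __name__ == "__main__":
    db = make_db()
    for value in ("1", "2", "1'"):
        print(repr(value), lookup_concat(db, value), lookup_bound(db, value))
```

With the concatenated query the quote leaves a string literal unterminated and the database rejects the statement; with the bound parameter the same input is simply an id that matches no row.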