Using SQLMap to get database information
In Chapter 6, Exploitation – Low Hanging Fruits, we used SQLMap to extract information and the content of tables from a database. This is very useful but it is not the only advantage of this tool, nor the most interesting. In this recipe, we will use it to extract information about database users and passwords that may allow us access to the system, not only to the application.
How to do it...
With the Bee-box virtual machine running and BurpSuite listening as a proxy, log in and select the SQL Injection (POST/Search) vulnerability.
Enter any movie name and click Search.
Now let's go to BurpSuite and check our request:
Now, go to a terminal in Kali Linux and enter the following command:
sqlmap -u "http://192.168.56.103/bWAPP/sqli_6.php" --cookie="PHPSESSID=15bfb5b6a982d4c86ee9096adcfdb2e0; security_level=0" --data "title=test&action=search" -p title --is-dba
We can see a successful injection. That the current user is DBA which means that the user can...
