Alert icon
We're changing our privacy policy. This stuff matters.  Learn more  Dismiss

Testing SQL injection with SQLMap (made by pauldotcom)

Sign in or sign up now!
Alert icon
Upgrade to the latest Flash Player for improved playback performance. Upgrade now or more info.
14,906
Loading...
Alert icon
Sign in or sign up now!
Alert icon

Uploaded by on Jun 26, 2009

Found it on vimeo: http://vimeo.com/4634556?pg=embed&sec=&hd=1
Made by John Strand from pauldotcom.com

Sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Category:

Science & Technology

Tags:

License:

Standard YouTube License

  • likes, 6 dislikes

Link to this comment:

Share to:
see all

All Comments (14)

Sign In or Sign Up now to post a comment!

  • how do you put this dualboot simultaneously?

    Marcostampaeu 7 months ago

  • @pharoah246 there's this wonderful thing, it's called the internet, have you heard of it? it's gone tons of information for us, including information about googledorks.

    7poppasmurf7 8 months ago

  • @pharoah246 really?

    pr0jectx1 10 months ago

  • What the hell is Googledork??? how do I use it??

    pharoah246 1 year ago

  • Just wondering if you are using a dork to find sql injections, and it seemed that you did for asp, is that not illegal to continue with it?

    nickrohn93 1 year ago

  • Right.... but the web programming language has everything to do with it when it comes to parsing the return data. PHP and ASP return data differs greatly. This is why he made the point that certain tools can do PHP and others, ASP etc and that this one does both.

    xsploitedsecurity 2 years ago

  • nice video but you were wrong!

    "this tool has the capability of doing also ASP"

    sql injection has nothing to do with the web programming language.

    php, asp, aspx it doesn't matter! it only manipulate the SQL query.

    just my 2 cents.

    propercoil3 2 years ago

  • cmd

    victoramson 2 years ago

  • NIce.

    What program do i need to run it in windows?

    MysteryNomad 2 years ago

  • Very nice, This helped me a lot. Makes my job a lot easier , 5 stars, sub'd.

    cybiko6 2 years ago

Loading...

Alert icon
0 / 00Unsaved Playlist Return to active list
    1. Your queue is empty. Add videos to your queue using this button:
      or sign in to load a different list.
    Loading...Loading...Saving...
    • Clear all videos from this list
    • Learn more