HOWTO : Offical SQLMap video demonstration 5

*** Do NOT attack any computer or network without authorization or you may put into jail. ***



Credit to : Bernardo



This is Bernardo's work but not mine. I re-post here for educational purpose only. It is because I enjoy his videos very much and I am afraid of losing them.



Original link is here.







Demonstration of sqlmap custom enumeration features: sqlmap is launched against a PHP test page hosted on a Debian GNU/Linux 5.0 server with back-end database management system being Oracle 10.2 Enterprise Edition.



The tool is instructed to identify possible SQL injections and exploit them by spawning a SQL shell where it is possible to provide custom SQL statements to be executed on the back-end database management system. sqlmap analyzes the provided SQL statement, decides which technique to use to execute it and proceeds accordingly.



Command



python sqlmap.py -u http://172.16.213.131/sqlmap/oracle/get_int.php?id=1 --sql-shell -v 2



That's all! See you.