
webapp-sqlmap · listed

Automated SQL injection detection and exploitation tool for web application security testing. Use when: (1) Testing web applications for SQL injection vulnerabilities in authorized assessments, (2) Exploiting SQL injection flaws to demonstrate impact, (3) Extracting database information for security validation, (4) Bypassing authentication mechanisms through SQL injection, (5) Identifying vulnerable parameters in web requests, (6) Automating database enumeration and data extraction.
aiskillstore/marketplace · ★ 329 · API & Backend · score 85
Install: claude install-skill aiskillstore/marketplace
# SQLMap - Automated SQL Injection Tool

## Overview

SQLMap is an open-source penetration testing tool that automates the detection and exploitation of SQL injection vulnerabilities. This skill covers authorized security testing including vulnerability detection, database enumeration, data extraction, and authentication bypass.

**IMPORTANT**: SQL injection exploitation is invasive and can corrupt data. Only use SQLMap with proper written authorization on systems you own or have explicit permission to test.

## Quick Start

Basic SQL injection detection:

```bash
# Test single parameter
sqlmap -u "http://example.com/page?id=1"

# Test with POST data
sqlmap -u "http://example.com/login" --data="username=admin&password=test"

# Test from saved request file
sqlmap -r request.txt

# Detect and enumerate databases
sqlmap -u "http://example.com/page?id=1" --dbs
```

## Core Workflow

### SQL Injection Testing Workflow

Progress:

[ ] 1. Verify authorization for web application testing
[ ] 2. Identify potential injection points
[ ] 3. Detect SQL injection vulnerabilities
[ ] 4. Determine DBMS type and version
[ ] 5. Enumerate databases and tables
[ ] 6. Extract sensitive data (if authorized)
[ ] 7. Document findings with remediation guidance
[ ] 8. Clean up any test artifacts

Work through each step systematically. Check off completed items.

### 1. Authorization Verification

**CRITICAL**: Before any SQL injection testing:

- Confirm written authorization from application owner
- Ve