The SQLMap tool can be found in every penetration tester’s toolbox. It is one of the most popular and powerful tools for exploiting SQL injection vulnerabilities, which itself tops the ...
Read a request (stored via Burp Suite), target the user parameter (and no other parameters), run risky queries, and dump users and passwords: sqlmap -r ./req.txt -p user --level=1 --risk=3 --passwords ...
Sqlmap does not use OR-based payloads by default because of safety concerns. In some instances, like a SQL injection in an UPDATE statement, injecting an OR-based payload can lead to an update of all the entries ...