Inurl phpid dating
Notice that I have highlighted the two available databases, information schema and scanme.
In order to get "inside" the web site and ultimately, the database, we are looking for web sites that end in "php? Those who are familiar with google hacks/dorks can do a search on google by entering:...among others.
We can append our command with --columns -D and the name of the database, scanme such as this: When we do so, sqlmap will target the scanme database and attempt to enumerate the tables and columns in the scanme database.
As we can see below, sqlmap successfully was able to enumerate three tables; (1) accounts, (2) inventory, and (3) orders, complete with column names and datatypes. As you can see, sqlmap can be very versatile and useful tool for My SQL, as well as SQL Server and Oracle database hacking.
Although it can be beneficial to explore that database to find objects in all the databases in the instance, we will focus our attention on the other database here , scanme, that may have some valuable information. So, now we know what the DBMS is (My SQL 5.0) and the name of a database of interest (scanme).
The next step is to try to determine the tables and columns in that database.
Search for inurl phpid dating:
In this way, we will have some idea what data is in the database, where it is and what type of data (numeric or string).