Although sqlmap is a great tool to automate SQLi attacks, it provides next-to-zero stealth. Due to its high-volume of traffic, sqlmap should not be used as a first choice tool during assignments that require staying under the radar.
Press enter to go with default option
we want to scan with -u and specify the parameter to test using -p:
sqlmap -u http://192.168.50.19/blindsqli.php?user=1 -p user
after confirming that it is vulnerable to SQLi we can also dump entire database using --dump
sqlmap -u http://192.168.50.19/blindsqli.php?user=1 -p user --dump
Way of getting OS Shell
capture and save packet first (right click and select copy to file)
