HAKATEMIA

SQLmap and injection techniques

Easy, 20 min

SQLmap is a versatile tool that can test multiple SQL injection techniques. By default, SQLmap tries all the most well-known methods, but with the --technique switch, you can specify which techniques to enable. This provides more control:

  • You can speed up testing by selecting only the most likely methods
  • You can target the testing if you know the nature of the vulnerability in advance
  • You can restrict aggressive techniques that slow down the server

--technique parameters

--technique accepts characters that correspond to different injection methods. You can use one or multiple at a time.

**B:** Boolean-based blind. The result is deduced by comparing truth values (TRUE/FALSE).

**E:** Error-based. Exploits the error messages returned by the database to obtain information.

**U:** UNION query. Utilizes the UNION SELECT statement alongside other queries.

**S:** Stacked queries. Sends multiple SQL statements in the same request (e.g., ; DROP TABLE).

**T:** Time-based blind. Utilizes time delays (e.g., SLEEP(5)) to determine the result.

**Q:** Inline queries. Uses nested queries (e.g., SELECT (SELECT ...)).
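Each technique letter also leaves a recognizable shape in request logs, which is what a defender sees when one of these scans hits an application. The following is an added example, not part of the original course material: it tags access-log requests with the matching --technique letters. The signatures are simplified assumptions (not sqlmap's own payload list), and the log lines, paths and IP address are constructed.

```python
import re
from urllib.parse import unquote_plus

# Simplified signatures, one per --technique letter. These are assumptions for
# illustration, not sqlmap's payload list; real payloads are often obfuscated.
SIGNATURES = {
    "B": re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+", re.I),                # AND 1=1
    "E": re.compile(r"\b(?:extractvalue|updatexml)\s*\(", re.I),           # MySQL XML errors
    "U": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),               # UNION SELECT
    "S": re.compile(r";\s*(?:select|insert|update|delete|drop)\b", re.I),  # ; DROP TABLE
    "T": re.compile(r"\b(?:sleep|pg_sleep|benchmark)\s*\(|\bwaitfor\s+delay\b", re.I),
    "Q": re.compile(r"\bselect\s*\(\s*select\b", re.I),                    # SELECT (SELECT ...)
}
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (documentation IP range, made-up paths).
SAMPLE_LOG = [
    '203.0.113.7 - - "GET /item?id=42 HTTP/1.1" 200 512',
    '203.0.113.7 - - "GET /search?q=sand+or+gravel HTTP/1.1" 200 903',
    '203.0.113.7 - - "GET /item?id=1%20AND%201%3D1 HTTP/1.1" 200 512',
    '203.0.113.7 - - "GET /item?id=1%20AND%20UPDATEXML(1,2,3) HTTP/1.1" 500 87',
    '203.0.113.7 - - "GET /item?id=1%20UNION%20ALL%20SELECT%20NULL%2CNULL HTTP/1.1" 200 530',
    '203.0.113.7 - - "GET /item?id=1%3B%20DROP%20TABLE%20users HTTP/1.1" 500 87',
    '203.0.113.7 - - "GET /item?id=1%20AND%20SLEEP(5) HTTP/1.1" 200 512',
    '203.0.113.7 - - "GET /item?id=(SELECT%20(SELECT%201)) HTTP/1.1" 200 512',
]

def classify(query_string):
    """Return the technique letters (in BEUSTQ order) whose signature matches."""
    decoded = unquote_plus(query_string)  # payloads arrive URL-encoded
    return "".join(k for k in "BEUSTQ" if SIGNATURES[k].search(decoded))

def summarize(log_lines):
    """Count, per technique letter, the requests whose query string matches."""
    counts = dict.fromkeys("BEUSTQ", 0)
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue  # not a request line we understand
        query = match.group(1).partition("?")[2]
        for letter in classify(query):
            counts[letter] += 1
    return counts

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A burst of requests from one source that covers several letters in a short window is a stronger scanner indicator than any single match.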
