SQLmap POST request injection

Sometimes a SQL injection attack is only successful with the HTTP POST method. In this post, I am going to demonstrate the easiest way to test for it: a simple sqlmap command.

Step 1: Copy the HTTP request using Burp Suite.

Save the POST request to a text file.

Step 2: Use sqlmap with the -r flag to read the saved text file and the -p flag to name the parameter in the POST data to test for SQL injection.

For example, to test the “title” parameter, I will use sqlmap with the command:

Step 3: Enjoy…. 😀
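
What the file saved in Step 1 contains and what `-p` selects from it, as an added example (not part of the original post): a small Python parser that reads a raw saved POST request and confirms the named parameter is present in the form body before a test is scoped to it. The sample request, its host and path, and the helper names `parse_saved_request` and `check_parameter` are constructed for illustration.

```python
from urllib.parse import parse_qsl

# Constructed sample of a saved POST request (host, path and values are made up).
SAMPLE_REQUEST = (
    "POST /search.php HTTP/1.1\r\n"
    "Host: testsite.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 24\r\n"
    "\r\n"
    "title=test&action=search"
)


def parse_saved_request(raw):
    """Split a raw HTTP request into method, path, headers and body parameters."""
    text = raw.replace("\r\n", "\n")           # accept CRLF or LF saved files
    head, _, body = text.partition("\n\n")     # blank line separates headers from body
    lines = head.split("\n")
    parts = lines[0].split()
    if len(parts) != 3:
        raise ValueError("malformed request line: %r" % lines[0])
    method, path, _version = parts
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    params = []
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if method.upper() == "POST" and ctype == "application/x-www-form-urlencoded":
        params = parse_qsl(body.strip(), keep_blank_values=True)
    return {"method": method.upper(), "path": path, "headers": headers, "params": params}


def check_parameter(raw, name):
    """Return the parameter's current value, or raise if it is not in the POST body."""
    req = parse_saved_request(raw)
    if req["method"] != "POST":
        raise ValueError("saved request is %s, not POST" % req["method"])
    values = dict(req["params"])
    if name not in values:
        raise KeyError("%r not in body parameters %s" % (name, sorted(values)))
    return values[name]


if __name__ == "__main__":
    print(parse_saved_request(SAMPLE_REQUEST)["params"])
    print(check_parameter(SAMPLE_REQUEST, "title"))
```
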