Web Exploitation WebApp PenTest

SQLmap POST request injection

do son April 11, 2017 No Comments sql injectionsqlisqlmap

SQLmap POST request injection

Sometimes SQL injection attacks are only successful with HTTP post methods. On this post, i am going to demonstrate and report them the easiest way is  to deploy a simple sqlmap command.

Step 1: Copy HTTP Request using Brute Suite.

Save post request to txt file.

Step 2: Use sqlmap with -r flag to read saved txt file and -p flag to identify injection point in data parameter for testing sqli

For example, you i want to test “title” paramter, I will using sqlmap with command:

Step 3: Enjoy…. 😀

You can view my demo video:

https://youtu.be/pW36zpC-n90

Share