SQLmap POST request injection

by do son · Published April 11, 2017 · Updated July 29, 2017

SQLmap POST request injection

Sometimes SQL injection attacks are only successful with HTTP post methods. On this post, i am going to demonstrate and report them the easiest way is to deploy a simple sqlmap command.

Step 1: Copy HTTP Request using Brute Suite.

Save post request to txt file.

Step 2: Use sqlmap with -r flag to read saved txt file and -p flag to identify injection point in data parameter for testing sqli

For example, you i want to test “title” paramter, I will using sqlmap with command:

Step 3: Enjoy…. 😀

You can view my demo video:

SQLmap POST request injection

Search

Suggested Reading

BREAKING NEWS

TRENDING

Linux news