SQLmap POST request injection

Sometimes SQL injection attacks are only successful with HTTP POST methods. In this post, I am going to demonstrate and report them; the easiest way is to run a simple sqlmap command.

Step 1: Copy the HTTP request using Burp Suite.

Save the POST request to a txt file.

Step 2: Use sqlmap with the -r flag to read the saved txt file and the -p flag to identify the injection point in the data parameter for testing SQLi.

For example, if I want to test the “title” parameter, I will use sqlmap with the command:

Step 3: Enjoy…. 😀
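Before running Step 2, it helps to confirm that the saved file really is a POST request and that the parameter you plan to pass to -p is present in its body. The Python sketch below is an added example, not part of the original post; the sample request (host, path, values) is constructed and the function names are hypothetical.

```python
from urllib.parse import parse_qsl

# Constructed sample of a saved proxy request (hypothetical host and path).
SAMPLE_REQUEST = (
    "POST /search.php HTTP/1.1\r\n"
    "Host: testsite.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 27\r\n"
    "\r\n"
    "title=hello+world&submit=Go"
)

def parse_saved_request(raw):
    """Split a raw HTTP request into method, headers, body and form parameters."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.strip("\n").split("\n")
    parts = lines[0].split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError(f"not an HTTP request line: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header: {line!r}")
        headers[name.strip().lower()] = value.strip()
    body = body.rstrip("\n")  # editors often append a trailing newline
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    # Only URL-encoded form bodies are parsed; other body types yield no params.
    params = parse_qsl(body, keep_blank_values=True) if ctype == "application/x-www-form-urlencoded" else []
    return {"method": parts[0], "headers": headers, "body": body, "params": params}

def check_target_param(raw, param):
    """Return the problems that make `param` unsuitable as the tested parameter."""
    req = parse_saved_request(raw)
    problems = []
    if req["method"] != "POST":
        problems.append(f"method is {req['method']}, not POST")
    if "host" not in req["headers"]:
        problems.append("no Host header in saved request")
    if param not in [name for name, _ in req["params"]]:
        problems.append(f"parameter {param!r} not found in form body")
    declared = req["headers"].get("content-length", "")
    actual = len(req["body"].encode())
    if declared.isdigit() and int(declared) != actual:
        problems.append(f"Content-Length {declared} != body length {actual}")
    return problems

if __name__ == "__main__":
    print(check_target_param(SAMPLE_REQUEST, "title") or "request file looks consistent")
```

An empty list means the file is a well-formed POST request containing the named parameter; a Content-Length mismatch usually indicates the request was truncated or edited when it was saved.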

You can view my demo video: