SQLmap POST request injection
Sometimes SQL injection is only possible through HTTP POST requests. In this post, I am going to demonstrate how to test for and report such cases; the easiest way is to use a simple sqlmap command.
Step 1: Copy the HTTP request using Burp Suite.
Save the POST request to a txt file.
Step 2: Use sqlmap with the -r flag to read the saved txt file and the -p flag to specify which parameter in the POST data is the injection point to test for SQLi.
For example, if I want to test the “title” parameter, I will use sqlmap with the command:
Step 3: Enjoy…. 😀
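The saved request file from Step 1 and the parameter name given to -p in Step 2 have to agree, so here is an added example (not part of the original post) that parses a saved raw POST request and reports anything that would make the test meaningless. The sample request, host, path and values are constructed, and the function names are hypothetical.

```python
from urllib.parse import parse_qsl

# Constructed sample of a saved POST request (host, path and values are made up).
SAMPLE_REQUEST = (
    "POST /search.php HTTP/1.1\r\n"
    "Host: testsite.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 24\r\n"
    "\r\n"
    "title=test&action=search"
)


def parse_saved_request(raw):
    """Split a raw HTTP request into method, headers, body and form parameters."""
    raw = raw.replace("\r\n", "\n")          # saved files may use CRLF or LF
    head, _, body = raw.partition("\n\n")    # a blank line ends the headers
    lines = head.split("\n")
    method = lines[0].split(" ", 1)[0].upper()
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    body = body.rstrip("\n")                 # assumption: editors add a final newline
    return method, headers, body, parse_qsl(body, keep_blank_values=True)


def check_test_parameter(raw, param):
    """Return a list of problems with testing `param` in this saved request."""
    method, headers, body, params = parse_saved_request(raw)
    names = [name for name, _ in params]
    size = len(body.encode())
    problems = []
    if method != "POST":
        problems.append(f"method is {method}, not POST")
    ctype = headers.get("content-type", "")
    if not ctype.startswith("application/x-www-form-urlencoded"):
        problems.append(f"body is not form-encoded: {ctype or 'no Content-Type'}")
    declared = headers.get("content-length", "")
    if declared.isdigit() and int(declared) != size:
        # Usually means the body was truncated or edited after capture.
        problems.append(f"Content-Length {declared} != body length {size}")
    if param not in names:
        problems.append(f"parameter {param!r} not in body: {names}")
    return problems


if __name__ == "__main__":
    print(check_test_parameter(SAMPLE_REQUEST, "title") or "ok: 'title' is a POST body parameter")
```

An empty list means the name passed to -p really is a form field in the saved POST body.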
You can view my demo video: