Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Specify parameters with SQLMAP

Tags:

sql-injection

sqlmap

I'm a student learning php & mysql development. i have setup a private lab ( VM ) inside my computer to test & learn how sql injection works. When things get harder i use sqlmap to exploit and later on study the requests it made to my test app using verbose mode & by capturing packets via wireshark. I came across a small problem and that's to specify the parameter in a URL to sqlmap to test.

http://localhost/vuln/test.php?feature=music&song=1

i want sqlmap to scan the parameter song so i tried these solutions

-u http://localhost/vuln/test.php?feature=music&song=1 --skip feature
-u http://localhost/vuln/test.php? --data="feature=music&song=1" -p song

Tried different variations by adding and removing quotes and equal signs , non worked. I even tried setting the --risk to --level to its maximum but it still fails to pick up the last parameter.

I will be very thankful if an expert can help me out with this. Thank you.

like image 652
DriverBoy Avatar asked Mar 27 '13 08:03

DriverBoy

5 Answers

I noticed also that you can scan multiple parameters using this :

-u "http://localhost/vuln/test.php?feature=music&song=1" -p 'song,feature'

This will scan the song parameter, then the feature parameter. If sqlmap find a vulnerable parameter, it will ask you if you want to continue with the others.

like image 21
Sidahmed Avatar answered Oct 11 '22 23:10

Sidahmed

the p option can be used in the following way

-u "http://localhost/vuln/test.php?feature=music&song=1" -p song

like image 156
Muhammad Fahim Mandvia Avatar answered Oct 11 '22 22:10

Muhammad Fahim Mandvia

You can simply add * to your value of parameter which you want to scan. Did you try that one?

like image 22
CorpusCallosum Avatar answered Oct 11 '22 23:10

CorpusCallosum

I have this problem too. I think sqlmap inject the first parameter. If you type :

-u http://localhost/vuln/test.php?feature=music&song=1

sqlmap will inject 'feature' parameter. To make it inject 'song' parameter you need to reorder the parameter as follows :

-u http://localhost/vuln/test.php?song=1&feature=music

Dont forget to add '&' between each parameter. It worked for me.

like image 31
yusufmalikul Avatar answered Oct 11 '22 22:10

yusufmalikul

I have already triggered this type of problem. You can simply skip the 'feature' parameter. E.g -u http:// localhost/vuln/test.php?feature=music&song=1 --skip=feature and then certainly it will start testing the 'song' parameter.

like image 1
Rahul Bhardwaj Avatar answered Oct 12 '22 00:10

Rahul Bhardwaj
Sign in to Comment

Related questions

Can I avoid all SQL-injection attacks by using parameters?
Are SQL operator functions for Entity Framework safe against SQL injection?
SQL safety when storing data using WordPress built-in functions
Prepared queries vs constructed queries
Deciphering this XSS attack [closed]
Is this an example of an SQL Injection Attack?
Parameterized queries in PHP with MySQL connection
Dangerous query method deprecation warning on Rails 5.2.3
Rails - How to properly escape values in a update_all query
SQL Injection Protection - Cast from string to int
I found a lot of weird string in my database, someone trying to get into my site?
Compose dynamic SQL string with psycopg2
How to escape user-supplied parameters with a SQL query?
PDO in Codeigniter - Protect vs SQL Injection
SQL injection is not working correctly
Dynamic SQL WHERE clause generation
Can JSF standard validation prevent code injection?
Need help understanding MySQL injection
how to prevent SQL Injection in JSP?
How do I prevent SQL injection with ColdFusion

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!