SQLMap & GET Requests

SQLMap is a great tool that can automate injections. Here’s how to do a simple SQLi with an HTTP GET request.

Going to the “View Blogs” page in Mutillidae, we have a drop down menu of authors. With intercept on in Burpe Suite, we query the request for admin blog.

sql15

Burpe Suite gets the request

sql16

Which we copy and paste into a new file which I’ll call attack.txt. Reading the file confirms the request is there.

sql17.PNG

Running sqlmap via command

sqlmap -r attack.txt --dbs

to get a list of databases that will show which databases are available. The purpose of taking the GET request and putting it into a file and passing it to sqlmap is to let sqlmap get whatever data it needs from the request instead of us putting it in manually.

A few minutes later sqlmap finishes and we have a list of DBs.

sql18.PNG

From here we can select a DB and then enumerate tables and then dump the data.

We’ll pick ‘nowasp’ for enumerating some tables.

sqlmap -r attack.txt -D nowasp --tables

sql19.PNG

Next we’ll dump the info in the accounts table

sqlmap -r attack.txt -D nowasp -T accounts --dump

sql20.PNG

and that’s all there is to it!

Create a website or blog at WordPress.com

Up ↑

%d bloggers like this: