Specify parameters with SQLMAP

sql-injection sqlmap
66,248

Solution 1

the p option can be used in the following way

-u "http://localhost/vuln/test.php?feature=music&song=1" -p song

Solution 2

I noticed also that you can scan multiple parameters using this :

-u "http://localhost/vuln/test.php?feature=music&song=1" -p 'song,feature'

This will scan the song parameter, then the feature parameter. If sqlmap find a vulnerable parameter, it will ask you if you want to continue with the others.

Solution 3

You can simply add * to your value of parameter which you want to scan. Did you try that one?

Solution 4

I have this problem too. I think sqlmap inject the first parameter. If you type :

-u http://localhost/vuln/test.php?feature=music&song=1

sqlmap will inject 'feature' parameter. To make it inject 'song' parameter you need to reorder the parameter as follows :

-u http://localhost/vuln/test.php?song=1&feature=music

Dont forget to add '&' between each parameter. It worked for me.

Share:
66,248
DriverBoy
Author by

DriverBoy

C# Pro Wannabie :D Love to solve problems using code & always try to explore the unexplored. That's Me ;-) Driver Boy .

Updated on July 28, 2020

Comments

  • DriverBoy
    DriverBoy over 3 years

    I'm a student learning php & mysql development. i have setup a private lab ( VM ) inside my computer to test & learn how sql injection works. When things get harder i use sqlmap to exploit and later on study the requests it made to my test app using verbose mode & by capturing packets via wireshark. I came across a small problem and that's to specify the parameter in a URL to sqlmap to test.

    http://localhost/vuln/test.php?feature=music&song=1

    i want sqlmap to scan the parameter song so i tried these solutions

    -u http://localhost/vuln/test.php?feature=music&song=1 --skip feature
-u http://localhost/vuln/test.php? --data="feature=music&song=1" -p song

    Tried different variations by adding and removing quotes and equal signs , non worked. I even tried setting the --risk to --level to its maximum but it still fails to pick up the last parameter.

    I will be very thankful if an expert can help me out with this. Thank you.

  • damienfrancois
    damienfrancois over 10 years
    Can you give an example?
  • CorpusCallosum
    CorpusCallosum over 10 years
    -u localhost/vuln/test.php?feature=music&song=1* if it is kind of POST request -u localhost/vuln/test.php --data="feature=music&song=1*"
  • CorpusCallosum
    CorpusCallosum over 10 years
    btw you dont need to use question-mark on sqlmapping POST requests. test.php is enough.
  • Burak Tokak
    Burak Tokak over 7 years
    Also be careful that without quotes the command is not working properly.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Sqlmap post data
sqlmap is too slow
SQLMAP - Post JSON data as body
Connecting directly to database with credentials in SQLMap
How do i add a user name and a password to sqlmap?
Showing custom error message on exception: A potentially dangerous Request.Form value was detected from the client
Preventing SQL Injection in JDBC without using Prepared Statements
Python SQLite3 SQL Injection Vulnerable Code
SQL INJECTION and two queries
Laravel SelectRaw vs DB:Raw