Part of a box I'm doing: I can successfully pass the basic SQL query 'or'1'='1 with no errors,

    {"search":"'or'1'='1"}

Output:

    HTTP/1.0 200 OK

Trying to error the query:

    {"search":"'"}

Output (successful):

    HTTP/1.0 500 INTERNAL SERVER ERROR

Using SQLMap with --risk=3 --level=5 won't do, as the server immediately blocks a large number of requests in a small amount of time.

mansk1es

2 Answers

There is a little mismatch between the heading and the description of the question. From what I can tell, there are two questions, which I'll try to answer.

How to configure SQLMap to attack JSON parameter?

Assumption: There is a POST endpoint that has a parameter named search.

  1. Copy the raw HTTP request into a text file (let's call it raw.txt) that looks like this:

    POST /someendpoint
    Host: localhost

    {"search":"test"}

  2. Run python3 sqlmap -r raw.txt -p search. You may also add --risk or --level.

How to get around the server blocking requests?

This is a little bit tricky because it will require manual assessment as mentioned here.

Assumption: As you mentioned "server immediately blocks a large number of requests", I am assuming you got this information by running SQLMap, which gave this:

there is a possibility that the target (or WAF/IPS) is dropping 'suspicious' requests

Assumption: The 500 HTTP response means that the server is vulnerable to SQL injection.

In order to solve the server blocking problem, we need to rotate the IP addresses. One way to do this is to install the Tor proxy and set up IP rotation in it. Then start SQLMap with the --tor option.

  1. Install tor on Debian Linux:

    sudo apt install tor

  2. Follow this link to set up IP rotation in tor.

  3. Run python3 sqlmap -r raw.txt -p search --tor --tor-type=SOCKS5

corecipher
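Why the single quote yields a 500 while 'or'1'='1 comes back 200, and what the fix looks like, as an added example (not code from the question, the box or either answer): a constructed in-memory SQLite table, a search handler built by string concatenation beside a parameterized one, and a hypothetical handle() wrapper that maps an unhandled database error to the 500/200 statuses seen in the question.

```python
import json
import sqlite3

# Constructed sample table; not data from the box in the question.
ROWS = [("alpha",), ("beta",), ("gamma",)]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (name TEXT)")
    conn.executemany("INSERT INTO items VALUES (?)", ROWS)
    return conn


def search_vulnerable(conn, term):
    """String concatenation: the user's text becomes part of the SQL grammar.
    A lone quote leaves the literal unterminated (syntax error -> the 500),
    while 'or'1'='1 closes the literal and appends a tautology (200, all rows)."""
    sql = "SELECT name FROM items WHERE name = '" + term + "'"
    return [row[0] for row in conn.execute(sql)]


def search_parameterized(conn, term):
    """Bound parameter: the same text is passed as data, so neither payload
    changes the query; a quote is just a character to compare against."""
    rows = conn.execute("SELECT name FROM items WHERE name = ?", (term,))
    return [row[0] for row in rows]


def handle(handler, conn, body):
    """Hypothetical request handler for the {"search": ...} JSON body in the
    question: returns (status, rows), with 500 standing in for an unhandled
    database error and 200 for a query that ran."""
    term = json.loads(body)["search"]
    try:
        return 200, handler(conn, term)
    except sqlite3.Error:
        return 500, []


if __name__ == "__main__":
    db = make_db()
    for body in ('{"search":"test"}', '{"search":"\'or\'1\'=\'1"}', '{"search":"\'"}'):
        print(body, "vulnerable ->", handle(search_vulnerable, db, body),
              "parameterized ->", handle(search_parameterized, db, body))
```

The 500 on a bare quote is the signature of the concatenated form; once the query is parameterized, both payloads return 200 with no rows, which is also why a 500 alone is only a hint and not proof of injection.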
Any luck with --delay?

    --delay=DELAY       Delay in seconds between each HTTP request

Note that something else might also cause a 500 error code.

fgeek