0

I am new to SQLMAP, I have been practicing with the Altoro Mutual portal which is a vulnerable portal, just enter the code 'OR 1 = 1 - in one of its forms (Login) and we will obtain administrator access to the portal.

Altoro M. Login

sqlmap -u "https://demo.testfire.net/login.jsp" --data="uid=u&passw=p&btnSubmit=Login" --random-agent --cookie="JSESSIONID=154E7E124BE018261F6146682657A5EF" -method POST

As you can see, I define a cookie to facilitate access and enter the data sent by the form uid = u & passw = p & btnSubmit = Login. This information was obtained using BurpSuite.

BurpSuite Info

At the end of the execution, sqlmap reports that no fields are injectable:

SqlMap Report

enter image description here

What am I doing wrong?

schroeder
  • 123,438
  • 55
  • 284
  • 319
Antuanct
  • 1
  • 1
  • Please don't post images of text. Copy/paste the text here and use the code formatting tools. – schroeder Aug 13 '21 at 21:45
  • You could try to store the request in a file using burp and use sqlmap with `-r` flag.As example `sqlmap -r filename`. You could use `--level` and `--risk` to increase nmap checks . You could use the `--forms` flag too so sqlmap will check the login form automatically . – Marco Nappi Aug 14 '21 at 08:27
  • Thanks for your comment, I have tried but I have the same result. – Antuanct Aug 17 '21 at 16:41

0 Answers0