5
3
I am using sqlmap to test my website for vulnerabilities. However rather than testing for vulnerable variables in URL, I would like to test if cookie values are subject to sql injection. Is there a way to do it via sqlmap? And if not is there a tool for that?
user2245191
Posted 2014-04-29T13:13:47.213
Reputation: 53
2
Look on this article - link bellow. Perhaps you will find the solution from there.
Are there any tools for scanning for SQL injection vulnerabilities while logged in?
This Security.StackExchange.com post says that there is an option for testing SQL injection on cookies
--cookie=COOKIE {HTTP Cookie header}
You just need to paste in your Cookie where it says HTTP Cookie header
also there is a list of all the options for sqlmap
Bobski
Posted 2014-04-29T13:13:47.213
Reputation: 46
1
Thank you for your help. With some information from your link and followup googling I managed to get exactly what I wanted from sqlmap. Command I ended up using was: python sqlmap.py --cookie="some_id=6" -u "http://localhost/" -p "some_id" --level 3 --dbms=MYSQL
– user2245191 – 2014-04-29T15:52:04.3072
You need to set the --level value too two or above for sqlmap to test cookie injection. Example:
./sqlmap.py --cookie="user_id=1" -u "http://localhost/index.php" -p "user_id" --level 3
By default sqlmap tests all GET parameters and POST parameters. When the value of --level is >= 2 it tests also HTTP Cookie header values. When this value is >= 3 it tests also HTTP User-Agent and HTTP Referer header value for SQL injections. It is however possible to manually specify a comma-separated list of parameter(s) that you want sqlmap to test. This will bypass the dependence on value of --level too.
Ogglas
Posted 2014-04-29T13:13:47.213
Reputation: 920
1To people voting to close as off-topic: He's talking about a tool he's running on his PC against his website(s) -- I'm not sure why you'd think this is off-topic? – Ƭᴇcʜιᴇ007 – 2014-04-29T13:59:10.207