Reputation: 3177
Specify parameters with SQLMAP
I'm a student learning php & mysql development. i have setup a private lab ( VM ) inside my computer to test & learn how sql injection works. When things get harder i use sqlmap to exploit and later on study the requests it made to my test app using verbose mode & by capturing packets via wireshark. I came across a small problem and that's to specify the parameter in a URL to sqlmap to test.
http://localhost/vuln/test.php?feature=music&song=1
i want sqlmap to scan the parameter song so i tried these solutions
-u http://localhost/vuln/test.php?feature=music&song=1 --skip feature
-u http://localhost/vuln/test.php? --data="feature=music&song=1" -p song
Tried different variations by adding and removing quotes and equal signs , non worked. I even tried setting the --risk to --level to its maximum but it still fails to pick up the last parameter.
I will be very thankful if an expert can help me out with this. Thank you.
Upvotes: 9
Views: 98053
Answers (5)
Reputation: 812
I noticed also that you can scan multiple parameters using this :
-u "http://localhost/vuln/test.php?feature=music&song=1" -p 'song,feature'
This will scan the song parameter, then the feature parameter.
If sqlmap find a vulnerable parameter, it will ask you if you want to continue with the others.
Upvotes: 6
Reputation: 241
the p option can be used in the following way
-u "http://localhost/vuln/test.php?feature=music&song=1" -p song
Upvotes: 24
Reputation: 21
I have already triggered this type of problem. You can simply skip the 'feature' parameter. E.g -u http:// localhost/vuln/test.php?feature=music&song=1 --skip=feature and then certainly it will start testing the 'song' parameter.
Upvotes: 1
Reputation: 189
You can simply add * to your value of parameter which you want to scan. Did you try that one?
Upvotes: 4
Reputation: 548
I have this problem too. I think sqlmap inject the first parameter. If you type :
-u http://localhost/vuln/test.php?feature=music&song=1
sqlmap will inject 'feature' parameter. To make it inject 'song' parameter you need to reorder the parameter as follows :
-u http://localhost/vuln/test.php?song=1&feature=music
Dont forget to add '&' between each parameter. It worked for me.
Upvotes: 3
Related Questions
- SQLMAP - Post JSON data as body
- Generic way of adding SqlParameter to the SqlCommand
- SQLMap succesul inject query browsing
- Print the value of injected parameter in sqlmap
- How to set up sqlmap injection with xampp?
- sqlmap inject via parameters in soap body?
- Sqlmap post data
- two parameters with SQLMAP
- Setting particular type of attack with Sqlmap
- SQLMAP to test sql injection