Author Topic: Sqlmap questions  (Read 361 times)

OneHappyTaco

  • Sr. Member
  • ****
  • Posts: 404
  • Reputation: 11
  • Who Dares Wins
  • Computers: Mac
  • iDevices: Iphone 4s
Sqlmap questions
« on: January 30, 2013, 06:52:05 pm »
I am starting to back into web application hacking. I was wondering if you could answer some quick questions.

Do you need to search through each page of an entire website to find a SQL injection exploit? Or do you just try injecting the first page?


Any extensions of the URL that could help me locate vulnerable websites?

Thanks.

Apetrick

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 3512
  • Reputation: 90
  • <Apetrick> lank is 1337
  • Badges:
  • iDevices: Ipod Touch 4g
Re: Sqlmap questions
« Reply #1 on: February 07, 2013, 05:26:23 pm »
Well, with SQLi all you need to do is find one injection point for sqlmap to use. Try finding a file with a .php extension and a parameter like .php?X=<something>. Next you will need to see if you can cause an error in that by sending a wrong input like .php?X=1', which usually will cause an error that is displayed on the page that is visible. If that works then you can put that entire link into sqlmap, not with the false statement but with the actual page that doesn't cause an error, because sqlmap will add everything it needs in the --wizard. I personally prefer doing the injection manually in the browser instead of using sqlmap unless I don't have time; it's a pretty basic concept and all you need to know is how to cause an error and how to craft SQL statements.
<%a12danrulz> Idk, but doing a DoS from an apple device is like fighting a bear with a plastic spork

OneHappyTaco

Re: Sqlmap questions
« Reply #2 on: February 07, 2013, 05:31:15 pm »
I figured it out eventually. But one more thing: whenever I run --os-shell, after a few seconds of finding info it tells me to find the path to the web server document root. Any idea what that is?

Apetrick

Re: Sqlmap questions
« Reply #3 on: February 07, 2013, 05:36:45 pm »
Well, when you first load the website does it direct to a /index.php? I think that's what it's talking about, but I'm not sure.

OneHappyTaco

Re: Sqlmap questions
« Reply #4 on: February 07, 2013, 05:39:32 pm »
The end of the URL becomes: /product.php?id=1

Apetrick

Re: Sqlmap questions
« Reply #5 on: February 07, 2013, 05:45:54 pm »
When you first go to the site or when you go to the product page?

OneHappyTaco

Re: Sqlmap questions
« Reply #6 on: February 07, 2013, 08:08:06 pm »
No, there is no extension. It tells me "please list the web server document root, i.e. /var/www"

Apetrick

Re: Sqlmap questions
« Reply #7 on: February 07, 2013, 08:12:45 pm »
I would just use the sqlmap wizard
Code:
./sqlmap.py --wizard
All you do is enter through a few prompts and it'll automate it

OneHappyTaco

Re: Sqlmap questions
« Reply #8 on: February 07, 2013, 08:17:31 pm »
That's not for the --os-shell though. Do you know a way to find the website's document root? Should I wget it?

Apetrick

Re: Sqlmap questions
« Reply #9 on: February 07, 2013, 08:22:09 pm »
I have no idea why you need the --os-shell flag and no clue on what it means by the document root. I've never had a problem with it finding injections with just the wizard.