05 - 1 - Automated SQL Injection
First, enter ' ' in the search option on http://testphp.vulnweb.com, using any browser such as Firefox, to show that the search option is vulnerable.
Then intercept the request in Burp Suite and send it to the Repeater.
The steps are:
Open Burp Suite
Open Browser
In the browser, open http://testphp.vulnweb.com and then click Forward (on the left side in Burp
Suite); the site will then load. Then enter ' ' in the search box ("search
art") to generate a query, and click Forward again (on the left side in Burp Suite). You should see the page as
shown in the screenshot.
Copy the request to a file, say ~/request.txt
Open Terminal
sudo su -
sqlmap -r /home/kali/request.txt --dbs
Result
Most of the time the scan gets aborted in between. This is because of the IDS and IPS working
on the server side. So use a faster method to scan, which is given below.
OR
Output
Output
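Why the quote test in the first step gives the search field away, and what closes the hole, shown as an added example that is not part of the original lab notes. The table, column names and rows are constructed for illustration and are not the schema of the test site; SQLite stands in for the server's database.

```python
import sqlite3

# Constructed sample data; table and column names are assumptions,
# not the schema of the site used in the lab.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE artists (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO artists (name) VALUES (?)",
                   [("Ada",), ("Blake",), ("O'Neil",)])
    return db

def search_vulnerable(db, term):
    # User input is pasted into the SQL text, so a quote in `term`
    # ends the string literal and the remainder is parsed as SQL.
    sql = "SELECT name FROM artists WHERE name LIKE '%" + term + "%'"
    return [row[0] for row in db.execute(sql)]

def search_hardened(db, term):
    # Placeholder binding: `term` travels as data and is never parsed as SQL.
    # LIKE wildcards in the input are escaped so they match literally.
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT name FROM artists WHERE name LIKE ? ESCAPE '\\'"
    return [row[0] for row in db.execute(sql, ("%" + escaped + "%",))]

def probe(search, term):
    """Return ('rows', result) or ('sql_error', message) for one input."""
    db = make_db()
    try:
        return ("rows", search(db, term))
    except sqlite3.Error as exc:
        # A database error triggered by a lone quote is the signal the
        # manual test looks for: the input reached the SQL parser.
        return ("sql_error", str(exc))

if __name__ == "__main__":
    for term in ["Bla", "'", "O'Neil", "%"]:
        print(repr(term),
              probe(search_vulnerable, term),
              probe(search_hardened, term))
```

With the bound parameter, a quote is just a character to search for, so a legitimate name such as O'Neil is found instead of breaking the query.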