Specify parameters with SQLMAP

Question

I'm a student learning php & mysql development. i have setup a private lab ( VM ) inside my computer to test & learn how sql injection works. When things get harder i use sqlmap to exploit and later on study the requests it made to my test app using verbose mode & by capturing packets via wireshark. I came across a small problem and that's to specify the parameter in a URL to sqlmap to test.

http://localhost/vuln/test.php?feature=music&song=1

i want sqlmap to scan the parameter song so i tried these solutions

-u http://localhost/vuln/test.php?feature=music&song=1 --skip feature
-u http://localhost/vuln/test.php? --data="feature=music&song=1" -p song

Tried different variations by adding and removing quotes and equal signs , non worked. I even tried setting the --risk to --level to its maximum but it still fails to pick up the last parameter.

I will be very thankful if an expert can help me out with this. Thank you.

score 24 · Answer 1 · edited Jul 17 '15 at 16:35

24

the p option can be used in the following way

-u "http://localhost/vuln/test.php?feature=music&song=1" -p song

edited Jul 17 '15 at 16:35

András Ottó

7,605
1
28
38

answered Apr 28 '13 at 19:56

Muhammad Fahim Mandvia

241
1
2

Also be careful that without quotes the command is not working properly. – Burak Tokak Jan 21 '17 at 13:18

score 6 · Answer 2 · answered Jul 27 '17 at 11:28

I noticed also that you can scan multiple parameters using this :

-u "http://localhost/vuln/test.php?feature=music&song=1" -p 'song,feature'

This will scan the song parameter, then the feature parameter. If sqlmap find a vulnerable parameter, it will ask you if you want to continue with the others.

score 4 · Answer 3 · answered Nov 17 '13 at 13:45

4

You can simply add * to your value of parameter which you want to scan. Did you try that one?

answered Nov 17 '13 at 13:45

CorpusCallosum

179
1
1
10

Can you give an example? – damienfrancois Nov 17 '13 at 14:03
1

-u http://localhost/vuln/test.php?feature=music&song=1* if it is kind of POST request -u http://localhost/vuln/test.php --data="feature=music&song=1*" – CorpusCallosum Nov 17 '13 at 17:13
btw you dont need to use question-mark on sqlmapping POST requests. test.php is enough. – CorpusCallosum Nov 17 '13 at 17:34

score 3 · Answer 4 · answered Apr 26 '13 at 09:48

I have this problem too. I think sqlmap inject the first parameter. If you type :

-u http://localhost/vuln/test.php?feature=music&song=1

sqlmap will inject 'feature' parameter. To make it inject 'song' parameter you need to reorder the parameter as follows :

-u http://localhost/vuln/test.php?song=1&feature=music

Dont forget to add '&' between each parameter. It worked for me.

score 1 · Answer 5 · answered Feb 07 '14 at 04:24

1

I have already triggered this type of problem. You can simply skip the 'feature' parameter. E.g -u http:// localhost/vuln/test.php?feature=music&song=1 --skip=feature and then certainly it will start testing the 'song' parameter.

answered Feb 07 '14 at 04:24

Rahul Bhardwaj

21
5

Specify parameters with SQLMAP

5 Answers5