New Sqlmap user, so please be patient :)
I've started looking at the tool and I'm curious about its use. For instance, the login page of OWASP's Juice Shop is vulnerable to SQL injection (' OR 1=1-- and you'll be automatically logged in as admin), but running the tool from the cmd line over the login URL doesn't detect any vulnerability. Here's the cmd I'm running:
sqlmap -r D:\sql_juice.txt --risk 3 --threads 10 --ignore-code 401 --level 5
And here's the request file I've captured with Fiddler:
POST http://ws-windows1001:9100/rest/user/login HTTP/1.1
Host: ws-windows1001:9100
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
Content-Length: 31
Origin: http://ws-windows1001:9100
Connection: keep-alive
Referer: http://ws-windows1001:9100/
Cookie: language=en; welcomebanner_status=dismiss

{"email":"*","password":"*"}
I expected the tool to detect the vulnerability, but it seems like I must be doing something wrong... Should sqlmap detect this scenario?
Thanks.