How do i add a user name and a password to sqlmap?

jdcaba picture jdcaba · Apr 16, 2017 · Viewed 10k times · Source

I was running a SQLInjection with sqlmap. My page has an error of sql but the error shows up once you logged in your account(Example: page.com/login.php and when you log you go to page.com/index.php?id=1 and here the sql error is evident). When i run sqlmap on page.com/index.php?id=1 the page redirects the sqlmap to page.com/login.php.It's possible to provide sqlmap a user and a password to make sqlmap log in the account and then perform the SQLInjection? Thank you for your time

Answer

Halil picture Halil · Nov 11, 2017

You can use cookie parameter with sqlmap. First, log into your account and learn your cookie information then you can use --cookie parameter. For example when login my account, my cookie is PHPSESSIONID=ajksdgadhakjsdhak. After that, you could do just like command below in your terminal.

sqlmap.py --url http://page.com/index.php?id=1 --cookie='PHPSESSIONID=ajksdgadhakjsdhak' --dbs