Category Archives: Security

Sqlmap – HTTP POST Request File

After some reading of and thinking about how I normally try to deal with post requests, thought I would jot down a few lines as a reminder.

Using a HTTP Request File. You can capture this of course using a proxy or firefox addon quite easily. -r filename.txt –level 1 –risk 1 –dbms mysql -p paramatertotest –proxy

** level and risk can be adjusted if SQLmap doesnt confirm there is an injection, but you believe there is. 5 and 3 are the max respectively. -r filename.txt — dbms mysql –proxy –current-db

**Obtain Database Name -r filename.txt — dbms mysql –proxy -D dbname –tables

**Obtain Table Names -r filename.txt — dbms mysql –proxy -D dbname -T tablename –columns

**Obtain Column Names -r filename.txt — dbms mysql –proxy -D dbname -T tablename -C col1,col2,col3 –dump

**Obtain Data from the columns specified

Might want to specifiy a particular technique:

–technique BEUS

** Subtract letters to remove type from test.

B: Boolean-based blind

E: Error-based

U: Union

S: Stacked queries

T: Time-based blind

Some other interesting details: -r filename.txt — dbms mysql –proxy –current-user

** Current DBMS username -r filename.txt — dbms mysql –proxy –current-is-dba

** Is the user a DBA? -r filename.txt — dbms mysql –proxy –file-read=Path

** Read a file from the path provided.

Full documentation:

Preventing SQL Injection:


*Recent edit to update the -r flag. for raw request.