SQLMap Essentials

Skills Assessment

You are given access to a web application with basic protection mechanisms. Use the skills learned in this module to find the SQLi vulnerability with SQLMap and exploit it accordingly. To complete this module, find the flag and submit it here.

The application presented looks a online shoe store. Let's explore if we can find a possible entry point like an ID parameter.

At the page /shop.html I manage to intercept a POST request with the ID parameter. I was able to do this with Burp Suite, to replicate we just have to go to /shop.html and hover your mouse over a product, and click on "ADD TO CART"

Copy the POST request, save it to a file and run the following command:

sqlmap -r post.txt

At the middle of the process we are advised to user the --tamper=between, so lets change the command:

sqlmap -r post.txt --tamper=between --batch

The id parameter is indeed vulnerable, and sqlmap was able to find a working payload.

To accelerate the finding process we can use the following command:

sqlmap -r post.txt --tamper=between --search -T flag

The search argument will accelerate the flag finding process, instead of dumping all the data.

Answer the prompts accordingly

And after a few seconds we manage to find our flag!