SQL Injection Exploitation in Multiple Targets using Sqlmap

In this article we are going to perform sql injection attack on multiple target through sqlmap

In the tutorial I had used two buggy web dvwa and Acurat (vulweb.com). 


Start dvwa  and select sql injection vulnerbility here type user ID and click on submit, now copy the url.


Start kali linux then create a text file as sql.txt on desktop which will contain URL for multiple target and past copied url in text file. From the screenshot you can perceive that I had pasted above url in this text file and save as sql.txt

Repeat the same process with different web. Now open the vulnweb.com, here click on URL given for Acuart.


Now click on browse categories then click on poster


Now let verify whether the ID is vulnerable to sql injection or not. Use this apostrophe () at the end of url as shown in the screenshot. You can see I have received an error message which means the ID is vulnerable to sql injection. Copy its URL


Paste above copied URL under sql.txt, and save it again. So here I have saved two URL in a text file which means two vulnerable ID of different web is saved under sql.txt file.


Open the terminal and type following command to scan multiple targets through sqlmap for sql injection.
Sqlmap –m /root/Desktop/sql.txt –dbs --batch


So here you can see I have got database names for multiple targets.  Here I found dvwa under database names.


Later I have got another database name acurat. Now try yourself for multiple ID.

0 comments:

Post a Comment