In this article we are
going to perform sql injection attack on multiple target through sqlmap
In the tutorial I had used
two buggy web dvwa and Acurat (vulweb.com).
Start dvwa and select sql injection vulnerbility here type user ID and click on submit, now copy the url.
Start kali linux then create a text
file as sql.txt on desktop which
will contain URL for multiple target and past copied url in text file. From the
screenshot you can perceive that I had pasted above url in this text file and save
as sql.txt
Repeat
the same process with different web. Now open the vulnweb.com, here click
on URL given for Acuart.
Now click on browse categories then click on poster
Now
let verify whether the ID is vulnerable to sql injection or not. Use this apostrophe (‘) at the end of url as shown in the screenshot. You can see I have
received an error message which means the ID is vulnerable to sql injection. Copy its URL
Paste above copied URL under sql.txt,
and save it again. So here I have saved two URL in a text file which means two
vulnerable ID of different web is saved under sql.txt file.
Open the terminal and type following command to scan
multiple targets through sqlmap for sql injection.
Sqlmap –m
/root/Desktop/sql.txt –dbs --batch
So
here you can see I have got database names for multiple targets. Here I found dvwa under database names.
Later I have got another database name acurat. Now try yourself for multiple ID.
0 comments:
Post a Comment