Using SQLMAP for Exploiting SQL Injections in URL Rewrite Rules

This topic contains 1 reply, has 2 voices, and was last updated by  cpw0912 1 week ago.

  • Author
  • #4791
    do son

    Last week, on my Facebook fanpage, I received a question about how to test for SQL injection with a URL like “”. It is an interesting question.

    Normally, when you use sqlmap for testing a web app, the URL has a format like the one below:

    But nowadays, many websites don’t use this format. They usually use:

    If you use manual testing, ‘, you can get an SQL error.

    To test automatically with sqlmap, you can use the command --url*

    You need to add the * character to tell sqlmap that * is where it can inject. You should use sqlmap tamper to bypass the WAF. Please visit here for more tamper info.


    No system is truly secure!
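
Why a path segment in a rewritten URL is as injectable as a query-string parameter, and how the handler closes it: this is an added example, not part of the original post. The rewrite rule, table and handler names are hypothetical, and the data is constructed.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data: in-memory table standing in for site content."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO news VALUES (?, ?)",
                   [(1, "first"), (2, "second")])
    return db

# Hypothetical rewrite rule: /news/<id>.html is served like /news.php?id=<id>.
# The loose pattern passes any non-slash characters through to the handler.
LOOSE_RULE = re.compile(r"^/news/(?P<id>[^/]+)\.html$")
# The strict pattern only lets a short ASCII integer reach the handler.
STRICT_RULE = re.compile(r"^/news/(?P<id>[0-9]{1,9})\.html$")

def handle_vulnerable(db, path):
    """Concatenates the path segment into SQL, like an unsafe ?id= would."""
    m = LOOSE_RULE.match(path)
    if not m:
        return 404, None
    try:
        row = db.execute(
            "SELECT title FROM news WHERE id = " + m.group("id")).fetchone()
    except sqlite3.Error as exc:
        # The database error that a stray quote in the path produces.
        return 500, str(exc)
    return (200, row[0]) if row else (404, None)

def handle_hardened(db, path):
    """Rejects non-integer segments, then binds the value as a parameter."""
    m = STRICT_RULE.match(path)
    if not m:
        return 404, None
    row = db.execute("SELECT title FROM news WHERE id = ?",
                     (int(m.group("id")),)).fetchone()
    return (200, row[0]) if row else (404, None)

if __name__ == "__main__":
    db = make_db()
    for path in ("/news/1.html", "/news/1'.html"):
        print(path, handle_vulnerable(db, path), handle_hardened(db, path))
```

The strict rule and the bound parameter are independent layers: either one alone stops the quote from reaching the SQL parser, and keeping both means a later change to the rewrite rule does not reopen the query.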

  • #4828


    Your website teaches & shares a lot of knowledge for us~~

    Thank you~~
