SQL Injection Exploitation in Multiple Targets using Sqlmap
In this article, we are going to perform a SQL injection attack on multiple targets through sqlmap. I had used two buggy web dvwa and Acurat (vulweb.com).
Start dvwa and select SQL injection vulnerability here type user ID and click on submit, now copy the URL.
Start kali Linux then create a text file as sql.txt on the desktop which will contain URL for multiple target and past copied URL in a text file. From the screenshot, you can perceive that I had pasted above URL in this text file and save as sql.txt
Repeat the same process with different web. Now open the vulnweb.com, here click on URL given for Acuart.
Now click on browse categories then click on the poster
Now let verify whether the ID is vulnerable to SQL injection or not. Use this apostrophe (‘) at the end of URL as shown in the screenshot. You can see I have received an error message which means the ID is vulnerable to SQL injection. Copy its URL
Paste above-copied URL under sql.txt, and save it again. So here I have saved two URL in a text file which means two vulnerable ID of the different web is saved under sql.txt file.
Open the terminal and type following command to scan multiple targets through sqlmap for SQL injection.
sqlmap –m /root/Desktop/sql.txt –dbs --batch
So here you can see I have got database names for multiple targets. Here I found dvwa under database names.
Later I have got another database name acurat. Now try yourself for multiple ID.
Author: Aarti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here
How do you enable sqlmap to run in auto without stopping to ask for response?
We used the “–batch” parameter.