
How to set up sqlmap injection with xampp?


Right now I use XAMPP to simulate a server, and I don't know how to post my code; Stack Overflow doesn't let me.

So I downloaded Python 2.7 and sqlmap to try injection against my website (.php).

I searched for a tutorial on the Internet and got stuck with this command: `sqlmap.py -u "link"`. My question is about the ".php?id=1" at the end of the link in the tutorial; they found the id by searching in Google. But my server is XAMPP, so I can't search in Google. So what does "id=" mean? And is there any way to inject and get the whole database of this website?

Because when I type `sqlmap.py -u "http://localhost/secure/sc.php"`, or even add `--level=3 --risk=3`, the output is still

[CRITICAL] all tested parameters appear to be not injectable.

Can XAMPP be used for this sqlmap injection, or should I try another server simulator?


Solution

  • Yes, XAMPP is just fine.

    You need to help sqlmap a bit: tell it which parameters your script takes and provide some valid values.

    For example:

    sqlmap.py -u "http://localhost/secure/sc.php?id=1&name=Joe"
    

    Additionally, you can put an * to mark a parameter that you would like to test.

    sqlmap.py -u "http://localhost/secure/sc.php?id=1*&name=Joe"
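
What `id=1&name=Joe` refers to, as an added example that is not part of the original answer: a hypothetical `sc.php` that reads both query-string parameters, with the injectable query beside its prepared-statement form. The database `testdb`, the table `users` and the stock XAMPP credentials are assumptions.

```php
<?php
// sc.php -- constructed example; database, table and column names are assumptions.
// Requested as: http://localhost/secure/sc.php?id=1&name=Joe
// PHP exposes the query string as $_GET['id'] = "1" and $_GET['name'] = "Joe".

// Set to true only on a throwaway local test database.
const USE_VULNERABLE_QUERY = false;

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'root', '', 'testdb'); // stock XAMPP credentials (assumed)
$db->set_charset('utf8mb4');

$id   = $_GET['id']   ?? null;
$name = $_GET['name'] ?? null;

if (!is_string($id) || !is_string($name)) {
    // Called without parameters: no request value reaches the query in this script.
    http_response_code(400);
    exit('Missing id or name');
}

if (USE_VULNERABLE_QUERY) {
    // BEFORE: request values are pasted into the SQL text, so they can change
    // the structure of the statement. This is the pattern a scanner reports.
    $sql    = "SELECT id, name FROM users WHERE id = $id AND name = '$name'";
    $result = $db->query($sql);
} else {
    // AFTER: the SQL text is fixed; values travel separately as bound parameters.
    if (!ctype_digit($id)) {
        http_response_code(400);
        exit('id must be a non-negative integer');
    }
    $idInt = (int) $id;
    $stmt  = $db->prepare('SELECT id, name FROM users WHERE id = ? AND name = ?');
    $stmt->bind_param('is', $idInt, $name);
    $stmt->execute();
    $result = $stmt->get_result();
}

while ($row = $result->fetch_assoc()) {
    // Escape on output as well, so stored values cannot inject markup.
    echo htmlspecialchars($row['id'] . ': ' . $row['name'], ENT_QUOTES, 'UTF-8'), "<br>\n";
}
```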