sqlmap

sqlmap - add a dynamic token at each request


I'm doing a challenge where there is a webpage which allows SQL injection. Every request submitted needs a token which you retrieve from another webpage. The token is valid for a limited time and for one request only.

Is there a way to tell sqlmap to get the token before each test, maybe with a custom script?

KR, dk


Solution

  • Solved by creating a custom PHP page which gets the token from the site, manipulates it, and provides it in a format for sqlmap. Assuming token-generator.php replies with a plain text string only:

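    <?php
    // bypass-csrf.php
    // Fetch a fresh token; token-generator.php replies with a plain text string only.
    $t = file_get_contents('http://_site_/token-generator.php');
    // Wrap the token in a hidden form field named "token", the name passed to --csrf-token.
    echo '<input type="hidden" name="token" value="' . $t . '">';
    // Also emit the raw token as plain text.
    echo $t;
    ?>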
    

    sqlmap parameters: --csrf-url="http://127.0.0.1/bypass-csrf.php" --csrf-token="token"

    dk
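
Added example, not part of the original posts: the relay above fetches the token in its own cookie-less request, which only works when the site accepts a token regardless of which session fetched it. The sketch below shows a token store that keeps the two properties from the question (one request only, limited lifetime) and adds session binding; `OneTimeTokenStore`, the session names and the 30-second lifetime are assumptions for illustration.

```python
import hmac
import secrets
import time


class OneTimeTokenStore:
    """Issues tokens that are single-use, time-limited and bound to one session."""

    def __init__(self, ttl_seconds=30, clock=time.monotonic):
        self.ttl = ttl_seconds
        self.clock = clock
        self._issued = {}  # token -> (session_id, expiry)

    def issue(self, session_id):
        token = secrets.token_urlsafe(32)
        self._issued[token] = (session_id, self.clock() + self.ttl)
        return token

    def redeem(self, session_id, token):
        """Return 'ok' or the rejection reason; the token is consumed either way."""
        entry = self._issued.pop(token, None)  # pop: a replay finds nothing
        if entry is None:
            return "unknown-or-replayed"
        owner, expiry = entry
        if self.clock() > expiry:
            return "expired"
        if not hmac.compare_digest(owner, session_id):
            return "wrong-session"
        return "ok"


def demo():
    now = [0.0]  # constructed clock so the expiry case runs instantly
    store = OneTimeTokenStore(ttl_seconds=30, clock=lambda: now[0])
    results = {}
    # Browser flow: the same session fetches the token and submits the form.
    t = store.issue("session-A")
    results["same_session"] = store.redeem("session-A", t)
    results["replay"] = store.redeem("session-A", t)
    # Relay flow: a helper fetches the token (session-B, no shared cookie)
    # and a different client (session-A) submits it.
    t = store.issue("session-B")
    results["relayed"] = store.redeem("session-A", t)
    # Token held past its lifetime.
    t = store.issue("session-A")
    now[0] += 31
    results["late"] = store.redeem("session-A", t)
    return results


if __name__ == "__main__":
    print(demo())
```

None of this addresses the injection itself: the token controls who may submit a request, not what the query does with the submitted value.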