sqlmap – Testing parameters when reading request from file
After hours of trial an error I decided to ask here for some advice.
I am currently trying to perform a sqlinj using using sqlmap on a system that was specifically designed to be attacked.
The API states:
Method: GET
/users/>user_id</payments/>payment_token<
>user_id<: [int]
>payment_token<: [string]
Basically using the following command I can obtain information about a users payments:
curl -X GET 'https://123.123.123.123/users/2/payments/38d9f72f-cd26-fghf-a01f-804a9874eb0c' -H 'Authorization: Bearer abcdefghijklmop' -i -k
The token at the end is required for a valid request to perform any of the api requests. So what I did was logging the request by adding the -v at the end of my curl command.
This gave me the following request header:
GET /users/2/payments/38d9f72f-cd26-fghf-a01f-804a9874eb0c HTTP/1.1
Host: 123.123.123.123
User-Agent: curl/7.64.0
Accept: */*
Authorization: Bearer abcdefghijklmop
I want to now check all parameters for vulnerabilities, so I tried to put the request in a txt file and than ran sqlmap like so:
sqlmap -r "/home/user/Documents/Pentesting/Results/header.txt" --risk=3 --level=3 --force-ssl -v 1
However this doesn't find anything. What else can I try? How do I explicitly state that sqlmap should try to inject every parameter?
header.txt looks like so:
GET /users/user_id=*/payments/payment_token=* HTTP/1.1
Host: 123.123.123.123
User-Agent: curl/7.64.0
Accept: */*
Authorization: Bearer abcdefghijklmop
Any advice?
