SQLMap and URL rewriting
In the previous example, these parameters were very clear but there's always the question in your mind of the possibility of URL rewriting (mod_rewrite and others), and how SQLMap can deal with this situation. Then SQLMap provides its users with the option of specifying the injection point. If anywhere in the URL supplied to SQLMap contains an asterisk sign (*) then that point will be used as the injection point and SQLMap will start its injection detection tests from there.
Let's assume the target is using rewritten URLs like the following:
https://prakharprasad.com/books/1/view
https://prakharprasad.com/books/2/view
https://prakharprasad.com/books/3/view
Let us see this in action:
As you can see, SQLMap immediately pointed us to the fact that a custom injection marker has been found in the URL, and asks if it should it process the URL accordingly. So with this technique we can clearly inject easily with websites using URL rewriting modules.
