Handling injections in a POST request
Until now, we've only considered injections in GET request parameters. Let us now look at an injection in a POST parameter and exploit it with SQLMap.
In the Username field we try to insert a stray character to break the query as we did before. Let's see what happens:
Upon submitting the form, we get a typical MySQL error:
Now we need to check exactly which POST parameter is affected. To view the request, we'll use a Firefox add-on known as Live HTTP Headers, which can be easily installed from the Firefox add-on gallery, as shown in the following screenshot:
So, based on the output of Live HTTP Headers, the affected parameter is uname. Let's use SQLMap's --data switch to exploit this POST-based scenario. The syntax is a bit tricky to understand at first. It reads: -u <POST-URL> --data="POST-parameters". We'll restrict the check to the uname parameter and pass the POST parameters inside --data, as follows:
./sqlmap.py -u http://192...
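Why the stray character in the uname field produces a database error, and how binding the value removes the flaw, shown as an added example that is not part of the original text. It assumes a login query built by string concatenation; SQLite stands in for MySQL, and the table, columns and function names are hypothetical.

```python
import sqlite3


def make_db():
    # Constructed sample data; SQLite stands in for the page's MySQL backend.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db


def login_concatenated(db, uname, passwd):
    """Vulnerable form: POST values are pasted into the SQL text."""
    sql = ("SELECT username FROM users WHERE username = '" + uname +
           "' AND password = '" + passwd + "'")
    try:
        return ("ok", db.execute(sql).fetchall())
    except sqlite3.Error as exc:
        # A stray quote unbalances the string literal, so parsing fails.
        # Echoing this message to the browser is what reveals the flaw.
        return ("sql_error", str(exc))


def login_parameterized(db, uname, passwd):
    """Hardened form: values are bound and never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    try:
        return ("ok", db.execute(sql, (uname, passwd)).fetchall())
    except sqlite3.Error as exc:
        return ("sql_error", str(exc))


if __name__ == "__main__":
    db = make_db()
    for uname in ("alice", "alice'"):
        print(repr(uname),
              login_concatenated(db, uname, "s3cret")[0],
              login_parameterized(db, uname, "s3cret"))
```

With the bound version, the same stray character is treated as part of the username, so the query simply matches no row and no database error reaches the page.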