I have a lab machine that I have been practicing some SQL injection on.
I know that the POST parameter that I am trying to exploit is vulnerable as I was able to extract the user DB manually.
I then went to do this with SQLmap with the below command.
sqlmap -u 192.168.1.50/base-login.asp --dbms="Microsoft SQL Server 2000" --data="txtLoginID=admin&txtPassword=test&cmdSubmit=Login" -p txtLoginID --method=POST
Every time I run the sqlmap command I am told that the txtLoginID is not injectable. I thought this was weird as I know for a fact that it is. (I also tried the above command with the highest risk and level set.)
I proceeded to take a capture of the traffic to see if I saw anything out of place. Everything looked okay, and I even took some of the variables that sqlmap was trying to pass and manually entered them. When I did this I was given output as you would expect when injecting SQL.
I even captured the HTTP headers with Live HTTP headers plugin and was able to successfully replay them which produced output as I would expect.
I am new to sqlmap so I was wondering if I am missing something? From everything I have read/seen on the internet it appears I am doing it correctly.
To be sure of your syntax, you can intercept a regular request of your POST with Burp, for example. You save it in a file and you can tell sqlmap to use this request for testing an injection.
For that, the option in sqlmap is -r.
Target:
  At least one of these options has to be provided to set the target(s)

  -d DIRECT           Direct connection to the database
  -u URL, --url=URL   Target URL (e.g. "www.target.com/vuln.php?id=1")
  -l LOGFILE          Parse targets from Burp or WebScarab proxy logs
  -m BULKFILE         Scan multiple targets enlisted in a given textual file
  -r REQUESTFILE      Load HTTP request from a file