I am brushing up on php web app testing and I have downloaded the latest version of Damn Vulnerable Web App (DVWA). There is a SQL inject section which I had no problem with exploiting manually. However I would like to try SQLMap against the page but I am having trouble.
The website uses forms authentication on it's login.php page. You must authenticate before you can get to the SQL injection page which is /vulnerabilities/sqli/. When I try to target the vulnerable page with SQLMap using this command
I get this response
./sqlmap.py -u "http://192.168.1.1/vulnerabilities/sqli/?id=1&Submit=Submit"
This made sense to me so I tried logging in and copying cookie session information into the SQLMap command like this
sqlmap got a 302 redirect to ../../login.php
The result looks like it just tries SQL injection against the values in the cookie but it doesn't actually use the cookie values for it's own session values because I still get redirected.
./sqlmap.py -u "http://192.168.1.1/vulnerabilities/sqli/?id=1&Submit=Submit" --cookie="PHPSESSID=k9t1eaec3dfqdlktietpp1kci7; security=low"
Can anyone help me understand how to use SQLMap against pages that use forms authentication? A link to some information that would help me figure it out would be great. I have tried doing alot of research and haven't been able to find the answer on my own.
Edit: No one? Bummer. I will give it a shot manually updating the cookie values in BURP and see if I have any better luck. I just feel like there must be a way to use SQLMap against pages with forms based auth. If not that seems like a pretty big limitation.