Ready to Start Your Career?

SQL Injection Lab Part 3 – Extracting/Obtaining PHP Cookie

bjacharya 's profile image

By: bjacharya

September 13, 2016

syringe-sql-injection-p3

Welcome back Cybrarians!Section 9: Obtain PHP Cookie

1. SQL Injection Menu
  • Instructions:1. Select “SQL Injection” from the left navigation menu.
i-12. Select Tamper Data
  • Instructions:1. Tools –> Tamper Data
i-23. Start Tamper Data
  • Instructions:1. Click on Start Tamper
4. Basic Injection
  • Instructions:1. Input “1” into the text box.2. Click Submit.
    • Notes(FYI):
      • The goal here is see the GET request being madeto the CGI program behind the scenes.
      • Also, we will use the “Surname” output withSQLMAP to obtain database username and passwordcontents.
i-35. Tamper with request?
  • Instructions:1. Make sure the Continue Tampering? textbox isunchecked.2. Then Click Submit
i-46. Copying the Referer URL
  • Instructions:1. Select the second GET Request2. Right Click on the Referer Link3. Select Copy
i-57. Open Notepad
  • Instructions:1. Applications –> Wine –> Programs –>Accessories –> Notepad
i-68. Paste Referer URL into Notepad
  • Instructions:1. Edit –> Paste
i-79. Copying the Cookie Information
  • Instructions:1. Right Click on the Cookie line2. Select Copy
i-810. Pasting the Cookie Information
  • Instructions:1. Edit –> Paste
    • Notes(FYI):
      • Now you should have copied both the Referer andCookie lines into Notepad. (See Picture)
i-9
Schedule Demo