Ready to Start Your Career?

SQL Injection Lab Part 3 – Extracting/Obtaining PHP Cookie

bjacharya 's profile image

By: bjacharya

September 13, 2016


Welcome back Cybrarians!Section 9: Obtain PHP Cookie

1. SQL Injection Menu
  • Instructions:1. Select “SQL Injection” from the left navigation menu.
i-12. Select Tamper Data
  • Instructions:1. Tools –> Tamper Data
i-23. Start Tamper Data
  • Instructions:1. Click on Start Tamper
4. Basic Injection
  • Instructions:1. Input “1” into the text box.2. Click Submit.
    • Notes(FYI):
      • The goal here is see the GET request being madeto the CGI program behind the scenes.
      • Also, we will use the “Surname” output withSQLMAP to obtain database username and passwordcontents.
i-35. Tamper with request?
  • Instructions:1. Make sure the Continue Tampering? textbox isunchecked.2. Then Click Submit
i-46. Copying the Referer URL
  • Instructions:1. Select the second GET Request2. Right Click on the Referer Link3. Select Copy
i-57. Open Notepad
  • Instructions:1. Applications –> Wine –> Programs –>Accessories –> Notepad
i-68. Paste Referer URL into Notepad
  • Instructions:1. Edit –> Paste
i-79. Copying the Cookie Information
  • Instructions:1. Right Click on the Cookie line2. Select Copy
i-810. Pasting the Cookie Information
  • Instructions:1. Edit –> Paste
    • Notes(FYI):
      • Now you should have copied both the Referer andCookie lines into Notepad. (See Picture)
Schedule Demo
Build your Cybersecurity or IT Career
Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry