How to do it...

Browse to http://192.168.56.11/mutillidae and go to OWASP Top 10 | A1 – SQL Injection | SQLi Extract Data | User Info:

  1. Try any username and password, for example, user and password, and click View Account Details.
  2. The login will fail, but we are interested in the URL. Go to the address bar and copy the full URL to the clipboard. It should be something like http://192.168.56.11/mutillidae/index.php?page=user-info.php&username=user&password=password&user-info-php-submit-button=View+Account+Details.
  3. Now, in a Terminal window, type the following command:
     sqlmap -u "http://192.168.56.11/mutillidae/index.php?page=user-info.php&username=user&password=password&user-info-php-submit-button=View+Account+Details" -p username --current-user ...
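
Seen from the server, the scan in step 3 shows up in the web access log as a burst of requests to user-info.php in which only the username value changes, because -p username restricts testing to that parameter. The following is an added example, not code from the book: it flags such requests in Apache combined-format log lines. The log lines, client IPs, sqlmap version string, regexes and function names are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed Apache combined-format lines for illustration; not captured traffic.
BASE = "/mutillidae/index.php?page=user-info.php&password=password&username="
UA_SQLMAP = "sqlmap/1.7#stable (https://sqlmap.org)"  # shape of sqlmap's default UA
SAMPLE_LOG = [
    f'192.168.56.10 - - [01/Jan/2024:10:00:00 +0000] "GET {BASE}user HTTP/1.1" 200 4512 "-" "Mozilla/5.0"',
    f'192.168.56.10 - - [01/Jan/2024:10:01:07 +0000] "GET {BASE}user%27 HTTP/1.1" 200 5120 "-" "{UA_SQLMAP}"',
    f'192.168.56.10 - - [01/Jan/2024:10:01:08 +0000] "GET {BASE}user%27%20AND%205%3D5--%20- HTTP/1.1" 200 4498 "-" "{UA_SQLMAP}"',
    f'192.168.56.20 - - [01/Jan/2024:10:02:00 +0000] "GET {BASE}o%27brien HTTP/1.1" 200 4400 "-" "Mozilla/5.0"',
    f'192.168.56.30 - - [01/Jan/2024:10:03:00 +0000] "GET {BASE}user%27%20UNION%20ALL%20SELECT%20NULL--%20- HTTP/1.1" 200 4700 "-" "Mozilla/5.0"',
]

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
                     r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')
SQLMAP_UA = re.compile(r"^sqlmap/", re.I)
# A quote followed by SQL syntax, or UNION SELECT. A lone apostrophe (o'brien)
# is deliberately not enough, to keep false positives on real names down.
SQLI_RE = re.compile(r"""['"]\s*(?:\)|and\b|or\b|union\b|order\s+by\b|--|#|/\*)"""
                     r"""|\bunion\s+(?:all\s+)?select\b""", re.I)

def classify(line, param="username"):
    """Return (client_ip, reasons) for one log line; reasons is empty if clean."""
    m = LINE_RE.match(line)
    if not m:
        return None, ["unparsed"]
    reasons = []
    # The User-Agent is client-controlled, so treat it as a hint only.
    if SQLMAP_UA.match(m["ua"]):
        reasons.append("sqlmap-user-agent")
    # parse_qs URL-decodes values, so %27 is matched as a literal quote.
    query = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
    if any(SQLI_RE.search(value) for value in query.get(param, [])):
        reasons.append("sql-syntax-in-" + param)
    return m["ip"], reasons

def summarize(lines):
    """Count findings per client IP across all lines."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        ip, reasons = classify(line)
        for reason in reasons:
            hits[ip][reason] += 1
    return {ip: dict(counts) for ip, counts in hits.items()}

if __name__ == "__main__":
    for ip, counts in summarize(SAMPLE_LOG).items():
        print(ip, counts)
```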
