I am trying to get SQLMAP tool to test the possibilities of SQL injection on my asp.net web application which has forms authentication. But I am not getting any clear directions on this. I have tried my hands on numerous forums and found nothing concrete for ASP.NET web application. Most of the demos are provided for PHP sites, which does not work like ASP.NET.
When I try to run
sqlmap.py -u "https://test.XXXX_SIT/login.aspx" --dbs
command, I end up getting the below response from the SQLMAP console
I am new to this aspect of security testing and I am even open for any better and simple free tool that does the job for me.
Please let me know the possible solution or other better possibilities to achieve this.
Regards,
Krishna Samaga B.
You need parameters to test.
for example login and pass are
GET
parameters.or
if you're sending
POST
request with login and pass