Collaborate Disseminate
Is there a way to let SQLMAP handle some general error info, like ‘Syntax error’ in a subsequent GET request that is requested after a redirect 301?
So the (general) result/error is not directly in the response.
Is there a way to let SQLMAP handle some general error info, like ‘Syntax error’ in a subsequent GET request that is requested after a redirect 301?
So the (general) result/error is not directly in the response.
I am (basically) pen-testing my own website, and I do have a new WAF, but have temporarily taken it down in a safe, testing environment (the one on my actual site is still up.)
This is the same site that was receiving an enormous amount of… Continue reading Is my wesbite stil vulnerable if sqlmap cannot retrieve the database names but CAN successfully inject?
I recently found a boolean-based blind SQLi and since I’m new to the bug bounty scene – I don’t understand what impact I can extract from it.
There is a website like example.com/tarif?tableId=136&dbsource=gkcp&nf=undefined. The vul… Continue reading Is it possible to exploit this supposedly boolean-based blind and time-based blind SQLi (sqlmap)?
Is there any way to save half dumped output in csv file or in table format in sqlmap?
Look below image for better understanding. The target is boolean based blind injection vulnerable. For sure this injection takes hell of a time for large… Continue reading sqlmap –dump csv file output problem for Large database
Is there any way I can run sqlmap tool to test whether the database names I already have are true or false?
I made some mistakes while testing on one target. The target is time-based blind injection vulnerable. I ran sqlmap tool with –dum… Continue reading Can I provide database names and tables to sqlmap to check if it is true or false? [closed]
I was working on a target where sqlmap detected boolean based time blind injection. Everything was working perfect but you know it was time blind injection so I knew that this is going to take forever to dump database. So I pressed ctrl+c … Continue reading Accidently used –flush-session –batch in sqlmap tool. Need help!
I have a verified injection which looks like:
/page/(SELECT+SLEEP(10))
But sqlmap cannot detect it no matter what.
This is how I’m running sqlmap:
sqlmap -u ‘http://MY-SITE/page/*’ –level=5 –risk=3 –threads=10 –dbms=mysql –method=POST… Continue reading sqlmap cannot detect a confirmed vulnerability
If I want to scan this web application with SQLmap, how should I craft the command?
I tried this command but it didn’t work. How do I fix it?
sqlmap –batch -u http://192.168.56.103:8754/payment-details/2 –data="id=1&Credit_Card… Continue reading How to use SQLmap for automatic scanning [closed]
I test the web application of the target virtual machine provided by my professor:
sqlmap –batch -u http://192.168.56.103:8754/payment-details/2 \
–cookie=’ JSESSIONID=<D38AEB6139DFC666E65D0D38BD82CE96>’ -level=3 –risk=3