sqlmap – WindowsTechs.com

How to use SQLmap for automatic scanning [closed]

Posted on January 6, 2024 by qizhen SU

If I want to scan this web application with SQLmap, how should I craft the command?

I tried this command but it didn’t work. How do I fix it?
sqlmap –batch -u http://192.168.56.103:8754/payment-details/2 –data="id=1&Credit_Card… Continue reading How to use SQLmap for automatic scanning [closed]→

Why can’t my sqlmap detect SQL injection? Is there something wrong with my command? [closed]

Posted on January 5, 2024 by qizhen SU

I test the web application of the target virtual machine provided by my professor:
sqlmap –batch -u http://192.168.56.103:8754/payment-details/2 \
–cookie=’ JSESSIONID=<D38AEB6139DFC666E65D0D38BD82CE96>’ -level=3 –risk=3

And th… Continue reading Why can’t my sqlmap detect SQL injection? Is there something wrong with my command? [closed]→

Is sql injection possible here ? or I can consider this as safe? [closed]

Posted on September 27, 2023 by Abhinav

This is my code in phpm I was wondering if there is a way to bypass sql protection, because everything is already blocked.
Is this secure?
$max = 10;

if (isset($_GET[‘max’]) && !is_array($_GET[‘max’]) && $_GET[‘max’]>0)… Continue reading Is sql injection possible here ? or I can consider this as safe? [closed]→

How to ignore asterisk characters in sqlmap?

Posted on September 25, 2023 by Andres R

I’ve come across a webpage that uses Iron cookies. These cookies have the exemplary format: Fe26.2**0cdd607945dd1dffb7da0b0bf5f1a7daa6218cbae14cac51dcbd91fb077aeb5b*aOZLCKLhCt0D5IU1qLTtYw*g0ilNDlQ3TsdFUqJCqAm9iL7Wa60H7eYcHL_5oP136TOJREkS3B… Continue reading How to ignore asterisk characters in sqlmap?→

How to use the –scope option in Sqlmap?

Posted on July 14, 2023 by fdku

How to sort the results of Google Dorks in Sqlmap using the –scope option?

Continue reading How to use the –scope option in Sqlmap?→

SQLmap custom injection point in JSON

Posted on June 21, 2023 by TSFH

The post request like this:
POST /api/test/ HTTP/1.1
Host: example.com
Cookie: .ASPXAUTH=5B8094E
Content-Type: application/json; charset=utf-8
Connection: close
Content-Length: 179

{"Verb":"GET","Url":"… Continue reading SQLmap custom injection point in JSON→

Adding Payload to URL-based SQL Injection: Seeking Guidance and Best Practices

Posted on June 18, 2023 by Floppa

I recently performed a vulnerability assessment on a system using ZAP (Zed Attack Proxy) and received a finding indicating a likely SQL injection vulnerability.

The query time is controllable using parameter value [case
randomblob(1000000… Continue reading Adding Payload to URL-based SQL Injection: Seeking Guidance and Best Practices→

sqlmap base64 encoded cookie with working manual sql injection

Posted on June 7, 2023 by alireza sadeghpour

I am trying to automate sql injection using sqlmap by using the following command:
sqlmap -r req.txt –dump

where req.txt is the request which is captured with Burp Suite. sqlmap couldn’t find the vulnerability,
[WARNING] Cookie parameter… Continue reading sqlmap base64 encoded cookie with working manual sql injection→

What makes a target testable in Sqlmap?

Posted on June 7, 2023 by fdku

Sqlmap says "found x targets, y of them are testable". What makes a testable target for sqlmap?

Continue reading What makes a target testable in Sqlmap?→

What does Sqlmap option –ignore-code do? [closed]

Posted on June 5, 2023 by fdku

How is the scan with –ignore-code different from a scan without it?

Continue reading What does Sqlmap option –ignore-code do? [closed]→