sqlmap – Page 12 – WindowsTechs.com

can sqlmap be used for insert,delete and update data SQL injection?

Posted on February 11, 2020 by Diari

how can I run the SQL query like delete, update and insert by using sqlmap in Kali Linux? if I can then please give me a tutorial.

Continue reading can sqlmap be used for insert,delete and update data SQL injection?→

SQLMAP with single URL application

Posted on January 29, 2020 by EternalSunShine

I have a local application which will be accessible only after login. Its single URL application, URL of application won’t change, just it use ‘XMLHttpRequest’ to refresh the content of screen based on action and other parameters.

Databa… Continue reading SQLMAP with single URL application→

Response seems to get redirected if SQL injection query succeeds, if not then it doesn’t get redirected

Posted on January 19, 2020 by JavaScripter

Under the authorization of my friend, I am testing his website against potential vulnerabilities.

I was trying to find if I was able to inject a SQL query into a POST request parameter hi’ or 1=1 –:

query=hi’%20or%201%3d1%20–

I found… Continue reading Response seems to get redirected if SQL injection query succeeds, if not then it doesn’t get redirected→

SQLmap is repeatedly showing error messages [closed]

Posted on January 18, 2020 by You Got A Friend in Me

I’ve been able to successfully download SQLMap and a lower version of Python than what I already had. Unfortunately it doesn’t seem to function properly. The commands I enter just don’t seem to register. I’ve tried /, -, –, putting the we… Continue reading SQLmap is repeatedly showing error messages [closed]→

Is this SQLMap query is correct?

Posted on January 11, 2020 by Danny

I am practicing on some vulnerable application, and I am asked to find an injection vulnerability with a payload. it states there is a common and simple filter in place. Then I need to extract the flag value from the chlns ta… Continue reading Is this SQLMap query is correct?→

in sql injection attack is possible update dump value using sqlmap or sql-shell?

Posted on December 15, 2019 by Eugen Velea

in sql injection attack is possible update dump value using sqlmap or sql-shell ? for example update username value. if yes, what is the order ?

Continue reading in sql injection attack is possible update dump value using sqlmap or sql-shell?→

Set injection method to Boolean blind rather than time based

Posted on October 3, 2019 by Jacob Cross

So I’ve managed to break into the database and I’m given the following vulnerabilities

Parameter: postids (GET)
Type: boolean-based blind
Title: Boolean-based blind – Parameter replace (original value)
Payload: d=1&cmd=g… Continue reading Set injection method to Boolean blind rather than time based→

how to get shell from blind sql injection? [on hold]

Posted on September 23, 2019 by Anonymous101

I’m trying to gain access to a web server after I found blind SQLi on the website. I used sqlmap to automate things.

I can read the databases and tables. tried to find a way to get a shell from SQL injection. I found a lot… Continue reading how to get shell from blind sql injection? [on hold]→

how to prove SQLi issue during penetration test [on hold]

Posted on August 16, 2019 by Carl

I’m struggling to find a solution to a knotty problem.

How could I prove that there’s a SQLi issue starting from the following url:

http://sitey1.com/welcome.php?welcome=<h2>Welcome! <br><br>We’re currentl… Continue reading how to prove SQLi issue during penetration test [on hold]→

Exploiting SQL-Injection Vulnerability in Oxid eShop CE 6.0.2 with SQLMAP [on hold]

Posted on August 10, 2019 by user104787

I installed Oxid eShop CE 6.0.2 on my local webserver to analyze the last SQL-injection vulnerability in this webapp.

I found out that it is possible to inject SQL via the sorting parameter (GET). So with the following URL, … Continue reading Exploiting SQL-Injection Vulnerability in Oxid eShop CE 6.0.2 with SQLMAP [on hold]→