Collaborate Disseminate
This is my code in phpm I was wondering if there is a way to bypass sql protection, because everything is already blocked.
Is this secure?
$max = 10;
if (isset($_GET[‘max’]) && !is_array($_GET[‘max’]) && $_GET[‘max’]>0)… Continue reading Is sql injection possible here ? or I can consider this as safe? [closed]
I’ve come across a webpage that uses Iron cookies. These cookies have the exemplary format: Fe26.2**0cdd607945dd1dffb7da0b0bf5f1a7daa6218cbae14cac51dcbd91fb077aeb5b*aOZLCKLhCt0D5IU1qLTtYw*g0ilNDlQ3TsdFUqJCqAm9iL7Wa60H7eYcHL_5oP136TOJREkS3B… Continue reading How to ignore asterisk characters in sqlmap?
How to sort the results of Google Dorks in Sqlmap using the –scope option?
The post request like this:
POST /api/test/ HTTP/1.1
Host: example.com
Cookie: .ASPXAUTH=5B8094E
Content-Type: application/json; charset=utf-8
Connection: close
Content-Length: 179
{"Verb":"GET","Url":"… Continue reading SQLmap custom injection point in JSON
I recently performed a vulnerability assessment on a system using ZAP (Zed Attack Proxy) and received a finding indicating a likely SQL injection vulnerability.
The query time is controllable using parameter value [case
randomblob(1000000… Continue reading Adding Payload to URL-based SQL Injection: Seeking Guidance and Best Practices
I am trying to automate sql injection using sqlmap by using the following command:
sqlmap -r req.txt –dump
where req.txt is the request which is captured with Burp Suite. sqlmap couldn’t find the vulnerability,
[WARNING] Cookie parameter… Continue reading sqlmap base64 encoded cookie with working manual sql injection
Sqlmap says "found x targets, y of them are testable". What makes a testable target for sqlmap?
How is the scan with –ignore-code different from a scan without it?
Continue reading What does Sqlmap option –ignore-code do? [closed]
What are the practical differences between them? i.e. a parameter referred to as being "dynamic" and "not dynamic"?
Continue reading What’s the difference between dynamic and static parameters in Sqlmap?
I have a target website, which parameter is not a regular parameter, which looks like:
POST /some_url
‘info={"actual_parameter1": "abc", "actual_parameter2": "def"}’
info is not the actual_paramete… Continue reading How to use sqlmap when the injectable parameter is not a regular parameter?