I am practicing on some vulnerable application, and I am asked to find an injection vulnerability with a payload. It states there is a common and simple filter in place. Then I need to extract the flag value from the chlns table.
So I use SQLmap to find it.
Please read below and correct me if I am wrong in any stage:
sqlmap -u 'http://www.site.com/game.php?name=sarah' --dbs
When I run it, it asks that it is being redirected to Facebook, and I press n to not do that. Then it continues and loads 3 databases as such:
-- information_schema
-- chlns
-- people
Then I run the following query:
sqlmap -u 'http://www.site.com/game.php?name=sarah' -D chlns --tables
to get all the tables. After it starts running it gives the below error:
[ERROR] unable to retrieve the table names for any database
do you want to use common table existence check? [y/N/q] y
Then it asks for a file or to use the default wordlist, and I used the default option. At the end it came up with a list of tables (13 overall), and I then used the code below for one of the sample table names:
sqlmap -u 'http://www.site.com/game.php?name=sarah' -D chlns -T table --dump
This code asks for the same thing when I run it and wants to run it through a wordlist. Each process takes a long time, around 10/15 mins, and each time it comes up with an error like below:
HTTP error code: 414 (Request-URI Too Large) [*N times...
And I get nowhere. Am I doing anything wrong here? Or is there any easier way?
The exercise mentions there is a table called chlns, but it seems chlns is a database instead. This could be the case, as in another exercise chlns was the database and one was the name of the table in which the flag existed.
Are there any suggestions to make this process easier, or any pro advice?
Thanks in advance,