
I'm solving this challenge/lab where SQLi is inside the cookie parameter. After solving it manually, I thought to check if it can extract data. I used sqlmap with `--cookie=COOKIE*` (notice the `*`; that's the marker to tell sqlmap about the injection point) and `--level=2` (level 2 means look for flaws in cookie parameters along with GET and POST parameters).

```
python3 sqlmap.py -u {URL} --cookie=COOKIE* --level=2
```

It detects the vulnerability. However, if I use `--dbs`, it tells me the back-end DBMS is PostgreSQL and `--dbs: command not found`.

`--dbs` is a valid option to look for databases; I don't understand why it's not working.

My assumption is it's because of one of two reasons:

  1. You can't use sqlmap to extract data if the attack is blind, or
  2. There is another option to extract data in the case of a blind attack and you can't use `--dbs`.

Could someone point me in the right direction? Where am I going wrong?

Mike
  • There are some scenarios in which sqlmap does not work. It is very good but it is not a perfect tool. To answer your first question, for sure you can extract databases on blind SQLis. For the second, you need to use trial and error. Maybe you could try `--sql-shell` and then try postgres commands. – OscarAkaElvis Apr 06 '21 at 19:18
  • sqlmap will also work with blind injections and you should be able to extract information from the database. What is your full command line? Have you checked what happens when you log everything with `-t traffic.log`? The error "command not found" sounds like you have an issue in your command line. You can also try `-r query.txt` and add the full HTTP query to that file. – fgeek May 06 '21 at 07:47

0 Answers