Questions tagged [sqlmap]

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

152 questions
0
votes
0 answers

Encoding javascript cookies in sqlmap

I'm trying to inject cookies that are already encoded in base64 that look like this: XSRF-TOKEN=eyJpdiI6IioiLCJ2YWx1ZSI6IioiLCJtYWMiOiIqIn0= Decoded looks like this: XSRF-TOKEN={"iv":"*","value":"*","mac":"*"} So what I tried to do was to inject the…
Juan2
0
votes
1 answer

sqlmap is encountering 403 forbidden

I am trying to complete an SQL injection CTF here. I confirmed just adding a single ' mark at the end of the URL caused a MySQL syntax error, and following this tutorial, I could complete this challenge without any automated tools. Here is the…
questioner
0
votes
0 answers

How does the --os-shell parameter in Sqlmap work? Is it still anonymous over Tor?

How does the --os-shell parameter in Sqlmap work? I know its uploading a backdoor, but how is Sqlmap uploading it and is the file just a normal reverse shell trojan? Also, is it still anonymous when being used over the --tor switch?
UndercoverDog
0
votes
1 answer

What is the wisdom of using the ASCII function in exploit SQLi?

I mean, I can exploit the vulnerability using a substring function and without using an ASCII function like: SELECT username FROM users WHERE id = 1 AND (SELECT substring(password,1,1) FROM users WHERE username = 'admin' ) = 'a'; And I can exploit…
0
votes
0 answers

How to modify a database through SQL injection UNION?

I need help with an sqli exercise. I used sqlmap to find a UNION vulnerability. I managed to get the H2 version with this payload: string') UNION ALL SELECT NULL,H2VERSION(),NULL,NULL,NULL-- But I would like to modify the database. I tried with…
0
votes
1 answer

Cloudflare SQLinjection protection

I'm testing for vulnerabilities for a specific site using sqlmap. However, the site has a cloudflare firewall which blocks queries including for example *, ANY or OR. I sort of found a bypass while searching for people who've bypassed it. They…
nonetype
0
votes
0 answers

SQLMAP payloads don't work manually, why?

I was trying out SQLMAP on DVWA (medium security for SQL injection), and I did get a set of payloads (sqlmap chucked out a few payloads that should have worked). But entered manually, I couldn't get the payloads to work. If I let sqlmap do the job,…
kellyr
0
votes
0 answers

How to use sqlmap to test a chain of requests

I'm trying to use sqlmap to test an application where a search is performed in two requests. The first request-response pair is like POST /endpoint.aspx Host: example.com Qf_status: 0 Qf_find: searchstring Content-Length: 0 HTTP/1.1 200 OK…
Elliot
0
votes
0 answers

How to utilise sqlmap's blind enumeration when you already know the SQL injection query

I am looking for some help on how to get the best out of sqlmap. I am practising on a web application that runs the following query when the login form is submitted: SELECT * FROM Users WHERE username = '' AND passhash =…
Mark
0
votes
1 answer

Sqlmapapi configuring task options

I'm trying to make scans using Sqlmapapi. I have added a new task, and when I call /option/$taskId/list in response, I receive JSON output with options that can be set. I could not find any information on how I can do it. How to call API to set a…
Bidon47
0
votes
0 answers

Sqlmap, All tested parameters do not appear to be injectable

I am new to SQLMAP, I have been practicing with the Altoro Mutual portal which is a vulnerable portal, just enter the code 'OR 1 = 1 - in one of its forms (Login) and we will obtain administrator access to the portal. Altoro M. Login sqlmap -u…
Antuanct
0
votes
1 answer

Sqlmap won't pick up injection point. Tweak?

I manually found an injection point, on a CTF VM, located on a POST form. I found it with the following manual payload: 1' OR SLEEP(1)-- t I would like to use sqlmap. I ended up with the following call: sqlmap -u "http://shop.home/shop/administrator/"…
nbonniot
0
votes
0 answers

SQLMap - Invalid character detected. retrying

I recently discovered a time-based blind SQL injection attack on one of the websites. I was able to dump the data with 100 threads (by default, SQLmap doesn't allow more than 10, but I modified the source code) running in parallel at a rate of…
7_R3X
0
votes
1 answer

SQLi Filter Bypass with banned table/column names

I've been studying and practicing different approaches to SQLi filter bypass and I faced a challenge. What if the WAF filters look for specific strings rather than SQL keywords? Example: Filter: /UNION/ SQLi: UnIoN Filter: /UNION/i SQLi:…
Cob013
0
votes
0 answers

Understanding sqlmap's payload for blind sql injection

I am fairly new to sql injections and tried to solve a little hackit to understand everything better. I wasn't able to solve one of the levels so I ran sqlmap to see what it would do. The payloads that I got looked a bit like…
cybel