
i need help for sql

aeroxgd

I get these vulnerabilities on one site; "GET parameter 'cat' appears to be 'IBM DB2 stacked queries (heavy query - comment)' injectable it looks like the back-end DBMS is 'IBM DB2 , GET parameter 'cat' appears to be 'MySQL < 5.0.12 stacked queries (BENCHMARK)' injectable it looks like the back-end DBMS is 'MySQL"

But it gives a false positive warning and I cannot retrieve data, what should I do?
 
I assume you are working with sqlmap.

ngl, IBM DB2 stacked seems odd, I would bet on MySQL.
Anyway, there is no alternative to manual exploitation in my opinion.

I would advise you to increase Sqlmap's verbosity to see where it detects the Sqli.
Let me ask a friend who is a better Sqlmap user and I'll get back to you.
 
"--threads=10 --level=5 --risk=3 --tamper="space2comment,randomcase" --flush-session --fresh-queries --hex" I am trying all the features. Additionally, I tried it in ghauri; it detects the vuln but throws a false positive error. Since I thought this problem might be caused by a WAF, I tried all the scripts for MySQL, but it does not work.
 
He offered to add
Bash:
python3 sqlmap.py --flush-session
to avoid false positives
and regarding the verbosity you have up to -vvvvvv (will show what you send and receive)
Just sayin he stated "heavy query - comment" which means it's already high risk and level
looking at your tamper params, "equalstolike" could do the trick.
I would try without --hex too
 
It's possible it's just a false positive; you can also try
# Valid: a string composed by B, E, U, S, T and Q where:
# B: Boolean-based blind SQL injection
# E: Error-based SQL injection
# U: UNION query SQL injection
# S: Stacked queries SQL injection
# T: Time-based blind SQL injection
# Q: Inline SQL injection
# Example: ES (means test for error-based and stacked queries SQL
# injection types only)
# Default: BEUSTQ (means test for all SQL injection types - recommended)
tech = BEUSTQ
 
Thanks, I'm trying it. Is there an alternative way to resolve this false positive?
 
turn on verbosity and check output by yourself:
Code:
-v 5
Is this a WAF issue? I use tamper to overcome this, but I think it doesn't help. What should I use, Tor server, proxy or something?

Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=To0S%2FL7OUPXe4yoNHRGgF9u7qJq%2Fp9ElO6eZ4yxQ4k%2BXxQVkBWnh11dNjwQQZiZ0AWXg%2Bz7C%2BV5A8F7RNzfro30lt5UwoH%2Bt7HkfBmDxMszpdrUe6wDth%2ByB%2FTzI0e7LEUk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8e1684f99c16e4b5-OTP
Content-Encoding: gzip
 
It's some kind of Cloudflare. You need to find the real IP using dnsdumpster.
IP? I use this endpoint: https://site/css.php?cat=1 and this is the endpoint where I discovered the vulnerability, but I think it's because of WAF, I'm getting a false-positive error
 

Cloudflare works like this: it redirects your traffic to its servers, filters it and sends it to the owner's servers. That's why you should try searching for the server's real IP. (https://xss.pro/threads/82843/).
 
--headers="X-Forwarded-For: Server address" like this?
 

