Sqlmap help

[Surgeon]

Hello

i am new to SQL, facing this error in sqlmap. i have already found the vuln but i am unable to dump database.

PMs also appreciated.

 

[corax]

url в кавычи возьми или экранируй спецсимволы.

 

[Surgeon]

url в кавычи возьми или экранируй спецсимволы.

Thanks for the help, i know it was silly _

 

[Surgeon]

unable to retrieve table names Database

 

[etc/passwd]

Может быть фильтр на что нибудь , например точка, прочерк и т.д.
Руками смотреть надо

 

[Surgeon]

since i dont know any slq, should i bruteforce admin panel or try some other software like JSQL . but with Jsql i am facing issues of redirection 302. ie [the page is redirected to othrt page & i cannot control it in jSQL ]

Может быть фильтр на что нибудь , например точка, прочерк и т.д.
Руками смотреть надо

 

[etc/passwd]

since i dont know any slq, should i bruteforce admin panel or try some other software like JSQL . but with Jsql i am facing issues of redirection 302. ie [the page is redirected to othrt page & i cannot control it in jSQL ]

Покажи Payload.

 

[X4Crow]

Try --identify-waf and --tamper = space2comments - This problems generally ocours when some waf/script is blocking some words, try another tampers too.

 

[Surgeon]

Покажи Payload.

Payload

 

[Surgeon]

Try --identify-waf and --tamper = space2comments - This problems generally ocours when some waf/script is blocking some words, try another tampers too.

i have detected waf firewall.

AWS
Nginx

 

[X4Crow]

i have detected waf firewall.

Like I sayed in the last post, This problems generally ocours when some waf / script is blocking some words. Try the tampers to bypass the firewall. Try various combinations of tampers. Good Lock. [/ QUOTE]

 

[etc/passwd]

--tamper=charencode.py как вариант.

 

[Surgeon]

Like I sayed in the last post, This problems generally ocours when some waf / script is blocking some words. Try the tampers to bypass the firewall. Try various combinations of tampers. Good Lock. [/ QUOTE]

--tamper=charencode.py как вариант.

I tried using :

--flush-session

--random-agent
--no-cast
--tamper=charencode.py [and many more] since it was more relatable. [mysql version] good catch
--threads

now i am getting [Critical error] all tested param do not appear to be injectable, blah blah

but i get the Database names. so im guessing its still vuln. is it? i don't know.

i am losing hope.

 

[etc/passwd]

Database names ты можешь получать из сохраненной сессии.
Попробуй через браузер вставить playload и перейти. Ты должен увидеть набор букв, который у тебя в хексе.
Если работает, то вместо него в ковычках подставь символы и смотри есть ли фильтр и на что.