That depends what choice you wanna go? manually or using a tool.
First of all, you should make sure that your recon tool did not accidentally generate a false positive, as many do just by nature. Browse the server until you find a url ending in something like "id=12357". To see if it is vulnerable, type in an apostrophe (This thing: ') right after the number. If the page shows an error, or perhaps some elements of the page go missing, it is a vulnerable page!
Site admin OTW actually wrote a tutorial on using a tool in Kali Linux called "sqlmap" to uncover database files. You can find that here.
If you have permission to test...sqlmap can do alot of things. But I would advise you to understand what sql injection actually does, and how. Many things can result from sql injection like shell access.
Thank you all.It states that the site is a friend of mine and I am one staffer.
We are just checking the security of our site. I already tried on sqlMap to enumerate the database with the string saddle scan:
bueno espero hablas espanol, y ya que tienes esa peticion echa desde burp puedes guardar el resultado en un archivo txt y probar con sqlmap -r, ya si no te sale te puedo ayudar si gustas
6 Responses
That depends what choice you wanna go? manually or using a tool.
First of all, you should make sure that your recon tool did not accidentally generate a false positive, as many do just by nature. Browse the server until you find a url ending in something like "id=12357". To see if it is vulnerable, type in an apostrophe (This thing: ') right after the number. If the page shows an error, or perhaps some elements of the page go missing, it is a vulnerable page!
Site admin OTW actually wrote a tutorial on using a tool in Kali Linux called "sqlmap" to uncover database files. You can find that here.
Null Byte has lots of articles about SQL injection, take a look: https://null-byte.wonderhowto.com/search/sql/
Cheers
Washu
If you have permission to test...sqlmap can do alot of things. But I would advise you to understand what sql injection actually does, and how. Many things can result from sql injection like shell access.
Thank you all.It states that the site is a friend of mine and I am one staffer.
We are just checking the security of our site. I already tried on sqlMap to enumerate the database with the string saddle scan:
/search.php?sd=d&searchid=unanswered&sk=t&sr=topics&st=-1%27%20or%2085%20%3d%20%2783
but no results, other suggestions?
Sorry for my English, I use a translator.
bueno espero hablas espanol, y ya que tienes esa peticion echa desde burp puedes guardar el resultado en un archivo txt y probar con sqlmap -r, ya si no te sale te puedo ayudar si gustas
Share Your Thoughts