Forum Thread: Blind SQL Injection

That depends what choice you wanna go? manually or using a tool.

First of all, you should make sure that your recon tool did not accidentally generate a false positive, as many do just by nature. Browse the server until you find a url ending in something like "id=12357". To see if it is vulnerable, type in an apostrophe (This thing: ') right after the number. If the page shows an error, or perhaps some elements of the page go missing, it is a vulnerable page!

Site admin OTW actually wrote a tutorial on using a tool in Kali Linux called "sqlmap" to uncover database files. You can find that here.

Null Byte has lots of articles about SQL injection, take a look: https://null-byte.wonderhowto.com/search/sql/

Cheers
Washu

If you have permission to test...sqlmap can do alot of things. But I would advise you to understand what sql injection actually does, and how. Many things can result from sql injection like shell access.

Thank you all.It states that the site is a friend of mine and I am one staffer.

We are just checking the security of our site. I already tried on sqlMap to enumerate the database with the string saddle scan:

/search.php?sd=d&searchid=unanswered&sk=t&sr=topics&st=-1%27%20or%2085%20%3d%20%2783

but no results, other suggestions?

Sorry for my English, I use a translator.

bueno espero hablas espanol, y ya que tienes esa peticion echa desde burp puedes guardar el resultado en un archivo txt y probar con sqlmap -r, ya si no te sale te puedo ayudar si gustas