So SQLMAP works basically with sites that ends in php?id=5 for eg. But... my question is... how you hack a website that ends in.. php?page=download.. or something like that, a website that doesn't end in php?id=number.. or a website that ends in .com .fr, etc. Those are non-vulnerable sites, right? But i bet that they're still "hackable". Can someone give me some advices?
Forum Thread: Kali Linux SQLMAP Question.
- Hot
- Active
-
Forum Thread: How to Track Who Is Sms Bombing Me . 4 Replies
2 mo ago -
Forum Thread: Removing Pay-as-You-Go Meter on Loan Phones. 1 Replies
2 mo ago -
Forum Thread: Hydra Syntax Issue Stops After 16 Attempts 3 Replies
2 mo ago -
Forum Thread: moab5.Sh Error While Running Metasploit 17 Replies
3 mo ago -
Forum Thread: Execute Reverse PHP Shell with Metasploit 1 Replies
4 mo ago -
Forum Thread: Install Metasploit Framework in Termux No Root Needed M-Wiz Tool 1 Replies
5 mo ago -
Forum Thread: Hack and Track People's Device Constantly Using TRAPE 35 Replies
6 mo ago -
Forum Thread: When My Kali Linux Finishes Installing (It Is Ready to Boot), and When I Try to Boot It All I Get Is a Black Screen. 8 Replies
6 mo ago -
Forum Thread: HACK ANDROID with KALI USING PORT FORWARDING(portmap.io) 12 Replies
7 mo ago -
Forum Thread: Hack Instagram Account Using BruteForce 208 Replies
7 mo ago -
Forum Thread: Metasploit reverse_tcp Handler Problem 47 Replies
9 mo ago -
Forum Thread: How to Train to Be an IT Security Professional (Ethical Hacker) 22 Replies
9 mo ago -
Metasploit Error: Handler Failed to Bind 41 Replies
9 mo ago -
Forum Thread: How to Hack Android Phone Using Same Wifi 21 Replies
10 mo ago -
How to: HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide] 177 Replies
10 mo ago -
How to: Crack Instagram Passwords Using Instainsane 36 Replies
10 mo ago -
Forum Thread: How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More 5 Replies
10 mo ago -
Forum Thread: How Many Hackers Have Played Watch_Dogs Game Before? 13 Replies
10 mo ago -
Forum Thread: How to Hack an Android Device with Only a Ip Adress 55 Replies
11 mo ago -
How to: Sign the APK File with Embedded Payload (The Ultimate Guide) 10 Replies
11 mo ago
-
How To: Use Burp & FoxyProxy to Easily Switch Between Proxy Settings
-
How To: Scan for Vulnerabilities on Any Website Using Nikto
-
How To: Crack Password-Protected Microsoft Office Files, Including Word Docs & Excel Spreadsheets
-
How to Hack Wi-Fi: Stealing Wi-Fi Passwords with an Evil Twin Attack
-
Android for Hackers: How to Turn an Android Phone into a Hacking Device Without Root
-
How To: Enumerate SMB with Enum4linux & Smbclient
-
How To: Extract Bitcoin Wallet Addresses & Balances from Websites with SpiderFoot CLI
-
How To: The White Hat's Guide to Choosing a Virtual Private Server
-
How To: Hack Facebook & Gmail Accounts Owned by MacOS Targets
-
How To: Gather Information on PostgreSQL Databases with Metasploit
-
How To: Make Your Own Bad USB
-
How To: Top 10 Things to Do After Installing Kali Linux
-
How To: Fuzz Parameters, Directories & More with Ffuf
-
How To: Scrape Target Email Addresses with TheHarvester
-
How To: Dox Anyone
-
Hack Like a Pro: Cryptography Basics for the Aspiring Hacker
-
Steganography: How to Hide Secret Data Inside an Image or Audio File in Seconds
-
How To: Use Metasploit's WMAP Module to Scan Web Applications for Common Vulnerabilities
-
How To: Use SpiderFoot for OSINT Gathering
-
How To: Exploit EternalBlue on Windows Server with Metasploit
3 Responses
first scan it or simply add ' to end of line and you woulda see sql error showing up,
if id is in middle of line for example php?id=5/download and etc you have to start hack at where data is vulnerble and by hand( i dont think sqlmap support it never tried it)
it sholdnt be php?id=1 or 2 or what ever it could be any thing that could be vulnerble ( you can use dorks to find them).
hope i made it clear if not ask me.
Hmm, when i try to test it by adding " ' " at the end of the line i receive a 404 Not Found Error, is that something good? I know that it should show me a mysql error, not a 404, right? And i can't find any numbers in URL... i checked all the links from that site.
It's just php?page=register php?page=download and so on..
Could you recommand me a good tool avaible in Kali for vulnerabilities scan?
bro i strongly recommand you to start learning basics not just going to use tools remember ! hacker make tools not tools make hacker so go learn basic programming there are many channels tech you about it or you can use my channel here https://www.youtube.com/playlist?list=PLrHr-ReUmmcdJqx4foNW-vAZ0WFKNPYZr
its not great but hey :D
but if your too lazy to learn basic of programming go learn atleast basic of topic you want to use lets say you want to learn sql go learn about it not just using tools and copy paste bunch of commands that you dont know actully how it works.
Share Your Thoughts