Forum Thread: Sqlmap Help.. KaliLinux


sqlmap -u http://metin2lf.ro/index.php?page=register --dbms MYSQL --level 5 --risk 3

Is there something wrong with my command? It says referrer parameter "referrer" is not injectable. I raised level and risk gradually from 1 to maximum. But now what's next...? I think that MYSQL is right, I had a server like this about 2-3 years ago. Why can't I use sqlmap? Do I need a numeric parameter, e.g. php?id=1? Is the server overprotected? It's powered by nginx...

It's just an online game. Some friends hacked some databases of other servers (everyone can have a server of this game, you just need a host) but they tried manually by guessing accounts. I don't want to destroy that server or cause any damage, I'm friends with the owner, but I just want to know if sqlmap can do it, and what I'm doing wrong.

Sorry for my "noobism" :D.
P.S: Sorry for my... bad English :(.

9 Responses

How do you even know if the server is vulnerable to SQL injection? Also, sqlmap is hard and loud if you don't want to damage your friend's server.

I checked the website for a moment. http://metin2lf.ro/index.php?page=ban-temp This URL seemed eligible for injection. A word of advice: always check if the page is vulnerable manually with some basic techniques, then move on to automated tools like sqlmap.

Regards,
Calypsus

Hm, I just want to see if it can tell me the name of the database. So you say it is not vulnerable to SQL injection? It's written in HTML and PHP... right? So.. it should be, right? And the database itself is handled by Navicat, which works with SQL, MYSQL and others, but I'm 100% sure it's MYSQL.

The site may be vulnerable to SQL injection, but you would have to find out. All you have done so far to test it is slam sqlmap against it. Not every site is vulnerable to SQL injection.

Try running an nmap scan for port 1433 or 1434; those are the ports that SQL databases run on. Also, you do need to set a 'php?id=' numeric value.

Hm, when I try to test the link with the classic apostrophe, it doesn't say "you have a syntax error in your sql syntax bla bla bla"; it shows me this.

Translated from my language: "Absent or temporarily unavailable module. Please come back later!"
Is it a classic hidden error? What error could be behind those words?

SHADOW ZERO, I can't find any sub-pages with a numeric value or with php?id. Is there any difference between php?id and php?page? Or is it the same thing written differently?

P.S: I found out that the DBMS is Oracle

But then it failed again. :))
Should I use a tamper?
Ok, I'm confused, now it says it's SQLite

And failing again of course. :))

Ok that's weird... as far as I know databases don't just change types, so there's something fishy here unless they've changed the database in the time between the Oracle and SQLite information. I'm still relatively new to sqlmap, but from my limited experience I have always used php?id and never used php?page? before.... so I don't know what php?page? means. I'm assuming that there's no similarity at all since not even Google is finding a difference. I suggest you run an nmap scan on port 1433 or 1434 to figure out the exact database type or you could run the auxiliary/scanner/mysql/mysql_login Metasploit module. Hope that helps a bit. :)

On port 3306 it says MYSQL and on ports 1433/1434 it says MSSQL...

There you go... now you know which database it is. :)
