Вопросы по SQLMap

Discussion in 'Уязвимости' started by randman, 1 Oct 2015.

  1. msk_smail

    msk_smail New Member

    Joined:
    9 Mar 2016
    Messages:
    48
    Likes Received:
    4
    Reputations:
    0
    можно использовать сразу связку из нескольких тамперов + используй --prefix="111'/*!40222" --suffix="*/!'"
    если не помогает, то определи какая waf и попробуй найти как вариант реальный ip сайта
    если и это не выходит то придется вручную писать тампер
     
  2. Xsite

    Xsite Member

    Joined:
    21 Jan 2010
    Messages:
    55
    Likes Received:
    5
    Reputations:
    0
    можно разьеснительную бригаду по поводу префикс суффикс ?
     
  3. brown

    brown New Member

    Joined:
    16 Oct 2016
    Messages:
    190
    Likes Received:
    4
    Reputations:
    0
    [08:04:48] [WARNING] there is a possibility that the target (or WAF/IPS) is drop
    ping 'suspicious' requests

    Как можно обойти?

    [08:04:48] [CRITICAL] connection timed out to the target URL. sqlmap is going to
    retry the request(s)
    [08:06:18] [CRITICAL] connection timed out to the target URL
    [08:06:49] [CRITICAL] connection timed out to the target URL. sqlmap is going to
    retry the request(s)
    [08:08:19] [CRITICAL] connection timed out to the target URL
    [08:08:19] [INFO] URI parameter '#1*' appears to be 'OR boolean-based blind - WH
    ERE or HAVING clause (NOT)' injectable (with --string="write")
    [08:08:19] [WARNING] in OR boolean-based injection cases, please consider usage
    of switch '--drop-set-cookie' if you experience any problems during data retriev
    al
    [08:08:19] [INFO] checking if the injection point on URI parameter '#1*' is a fa
    lse positive
    [08:08:49] [CRITICAL] connection timed out to the target URL. sqlmap is going to
    retry the request(s)
    [08:10:19] [CRITICAL] connection timed out to the target URL
    [08:10:49] [CRITICAL] connection timed out to the target URL. sqlmap is going to
    retry the request(s)
    [08:12:19] [CRITICAL] connection timed out to the target URL
    [08:12:19] [WARNING] false positive or unexploitable injection point detected
    [08:12:19] [WARNING] URI parameter '#1*' does not seem to be injectable

    ваф не дает прокрутить скулю
     
  4. ex3x1

    ex3x1 New Member

    Joined:
    14 Sep 2019
    Messages:
    7
    Likes Received:
    1
    Reputations:
    0
    Доброго дня! К примеру знаю что в БД есть строка с почтой [email protected], но имя таблицы и колонки не знаю т.к. они имеют рандомные названия типа "dfdwydponefdxb". Как выполнить поиск по всей БД и найти в какой таблице есть запись с [email protected]?
     
Loading...