r0oth3x49 / ghauri

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws
MIT License
2.94k stars 288 forks

unable to retrieve the number of databases #173

Open fuckwbored opened 2 weeks ago

fuckwbored commented 2 weeks ago

I couldn't find SQLi with sqlmap and I tried ghauri. I found SQLi but it showed me an error:

[04:29:55] [WARNING] it was not possible to extract query output length for the SQL query provided.
[04:29:55] [WARNING] the SQL query provided does not return any output
[04:29:55] [ERROR] unable to retrieve the number of databases
[04:29:55] [INFO] fetching current database
[04:31:12] [WARNING] it was not possible to extract query output length for the SQL query provided.

I tried to use --flush-session and it showed me SQLi again with another payload, but always "unable to retrieve the number of databases".

When I try to use --confirm it always gives me:

[04:40:47] [CRITICAL] all tested parameters do not appear to be injectable., please rerun Ghauri with '--flush-session'.

I am unable to retrieve not only --dbs but --hostname, --current-user, etc. too.

Screenshots: [image] [image]

And I will attach screenshots with -v3 too. I hope it will help: [image] [image] [image]

Here is --confirm: [image]

fuckwbored commented 2 weeks ago

Oh, sorry... I had to use the "help wanted" label.

r0oth3x49 commented 2 weeks ago

This is the intended response; it means either there is a firewall blocking things or ghauri doesn't have a bypass query. So what you can do is manually check the endpoint.

mastercho commented 2 weeks ago

If SQLi is in a URI param, then Ghauri fails to retrieve any data because the payloads are not suitable for URI loading.

r0oth3x49 commented 1 week ago

@mastercho I have targets where the injection was in the URI, and ghauri worked fine for me. What was your issue?