Open fuckwbored opened 2 weeks ago
Oh, sorry.. i Had to use "help wanted" label
This is intended response, it means either there is a firewall blocking things or ghauri don't have bypass query. So what you can do is manually check the endpoint.
if SQLi is in URI param then Ghauri fails to retrieve any data because payloads not suitable for URI loading
@mastercho I have targets where injection was in URI ghauri worked fine for me what was your issue.
I couldn't find sqli with sqlmap and i tried ghauri. I found sqli but it showed me error [04:29:55] [WARNING] it was not possible to extract query output length for the SQL query provided. [04:29:55] [WARNING] the SQL query provided does not return any output [04:29:55] [ERROR] unable to retrieve the number of databases [04:29:55] [INFO] fetching current database [04:31:12] [WARNING] it was not possible to extract query output length for the SQL query provided.
i tried to use --flush-session and it showed me sqli again with another payload. but always "unable to retrieve the number of databases"
when i try to use --confirm it always gives me: [04:40:47] [CRITICAL] all tested parameters do not appear to be injectable., please rerun Ghauri with '--flush-session'.
i am unable not only retrive --dbs but --hostname --current-user etc... too Screenshots And i will attach screenshots with -v3 too. I hope it will help Here is --confirm: