Questions tagged [sqlmap]

sqlmap is an "Automatic SQL injection and database takeover tool". It can be used to detect flaws in any software with an underlying SQL database.

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches ranging from database fingerprinting, through fetching data from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

128 questions
1 vote, 0 answers

sqlmap encodes parameter and payload

I have a cookie with base64 encoded json data that is vulnerable to sql injection. I'm trying to get sqlmap to base64 encode the payload but it keeps encoding the leading json code as well. Cookie: sid=b6270368-4664-11ec-8ec2-98b2e4c71523;…
Bradley
1 vote, 1 answer

SQLMap host does not seem to be injectable, does this mean there are no vulnerabilities?

python sqlmap.py -u "https://localhost:8080" --level=5 --risk=5 [15:13:30] [WARNING] parameter 'Host' does not seem to be injectable [15:13:30] [CRITICAL] all tested parameters do not appear to be injectable SQLMap outputted this after many…
devo9191
1 vote, 1 answer

SQLMAP missing one or more core extensions ('gzip', 'ssl', 'sqlite3', 'zlib')

How to solve the following problem? [16:49:39] [CRITICAL] missing one or more core extensions ('gzip', 'ssl', 'sqlite3', 'zlib') most likely because current version of Python has been built without appropriate dev packages
simba1949
1 vote, 1 answer

How does sqlmap work internally?

I'm trying to capture sqlmap traffic but I only see a single HTTP GET in wireshark without sql injection (it's just the url I provide). I would expect 1 HTTP GET request per try (per sql injection then). How is sqlmap working to make its attempts?…
Lou
1 vote, 1 answer

How to dump specific data on SqlMap?

I have found the target that is vulnerable with sqlmap, and there is 20k of data +-------------+----------------+--------------+ | usertype | email | password | +-------------+----------------+--------------+ | User | example@ex.com | …
Tunku Salim
1 vote, 0 answers

Sqlmap executed query always return 4 lines of incomplete result

I have a table which stored UID for users and I'm doing security check for my sqlserver 2008R2, currently I've successfully connected to my linked server using sqlmap and I tried to execute query injecting as below select UID from XXXX where…
1 vote, 1 answer

using SQLMAP to test SQL injection in ASP.NET web application

I am trying to get SQLMAP tool to test the possibilities of SQL injection on my asp.net web application which has forms authentication. But I am not getting any clear directions on this. I have tried my hands on numerous forums and found nothing…
1 vote, 1 answer

Retrieving comments from MySQL tables with sqlmap

I added a table comment in MySQL (northwind database) as follows ALTER TABLE northwind.fornitori COMMENT = 'tabella fornitori'; and I can retrieve the table comment with the following query SELECT TABLE_COMMENT FROM information_schema.TABLES WHERE…
ditch
1 vote, 1 answer

fingerprinting the database with sqlmap

I have MySQL 5.1.58 and I executed the following command for fingerprinting the database with sqlmap: python sqlmap.py -d "mysql://root:password@localhost:3306/northwind" --fingerprint The output is [12:26:35] [INFO] the back-end DBMS is…
ditch
1 vote, 3 answers

Connecting directly to database with credentials in SQLMap

I have the credentials of a TARGET website database, and SQLMap claims that you can connect to the database directly. Here are my commands on SQLMap in Kali Linux: sudo sqlmap -d mysql://USER:PASSWORD@TARGET_IP:MySQL_Port/DATABASE example sudo sqlmap…
CatChMeIfUCan
1 vote, 0 answers

SQLMAP --eval parameter, base64 a parameter containing hyphens

As suggested here https://security.stackexchange.com/questions/165528/sqlmap-eval-parameter-base64-a-parameter-containing-hyphens?noredirect=1#comment314635_165528 I moved my question to Stack Overflow. Just got a problem trying to use the --eval…
valbrux
1 vote, 1 answer

How to set up sqlmap injection with xampp?

Now I use xampp to simulate a server, and I don't know how to post my code; stackoverflow doesn't let me. So I downloaded Python ver2.7 and sqlmap to try injecting my website (.php), and I searched for a tutorial on the Internet and got stuck with this…
Palida
1 vote, 0 answers

Security issue with port 80

Please see the code below: public ActionResult URLInjection(string id) { string connectionString = ConfigurationManager.ConnectionStrings["SQLInjection"].ToString(); using (SqlConnection connection = new…
w0051977
1 vote, 1 answer

sqlmap inject via parameters in soap body?

The soap body is like below:
passion
1 vote, 2 answers

How to update Sqlmap with git?

I'm trying to update my sqlmap on Linux, but I get an error like this: error pathspec did not match any file(s) known to git. I'm just a freshman, and I am not too familiar with Git. How can I get past this error?
J.Joe