Stack Overflow
Stack Overflow

Questions tagged [sqlmap]

sqlmap is an "Automatic SQL injection and database takeover tool". It can be used to detect flaws in any software with an underlying SQL database

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections

128 questions
1
vote
0 answers

How to use the sqlmap installed from macports?

I installed sqlmap from macports 2.3.4 on macOS Sierra 10.12 sqlmap @0.9_1 (security, databases, python) sqlmap is an open source penetration testing tool. Then found: > sqlmap zsh: command not found: sqlmap > python…
Daizy
  • 331
  • 2
  • 5
  • 12
1
vote
3 answers

Cannot create PoolableConnectionFactory (unknown system variable 'language')

Anyone who had troubled with this error? Cannot create PoolableConnectionFactory (unknown system variable 'language') Programming with java, mysql, ibatis. Added some codes and existing codes make this error as well. Below are the error…
Minjee
  • 71
  • 1
  • 8
1
vote
2 answers

Getting hostname using sqlmap

There is a website abc.com which is vulnerable to SQL injection, I have verified this via sqlmap , So i got the username and password after this https://github.com/sqlmapproject/sqlmap/wiki/Usage but I noticed that database is running on oracle, I…
Johnny
  • 1,743
  • 2
  • 10
  • 12
1
vote
0 answers

Plugin for integrating SQLMAP with Burp Suite

I am trying to do SQL Injection using the SQLMAP Burp Plugin which I downloaded from http://code.google.com/p/gason/downloads/list. I have followed the steps for windows provided in http://resources.infosecinstitute.com/sqlmap-burp-plugin-2/. But…
Sai Dutt Mekala
  • 133
  • 6
1
vote
1 answer

Sqlmap parameter "might not be injectable"

Im starting with sqlmap and I have the following doubt: When I try to use sqlmap (trying to bypass waf) using this snippet: sqlmap.py -u "http://prefing.umsa.edu.bo/index.php?option=com_newsfeeds&view=newsfeed&id=1&feedid=1&Itemid=18" --dbs…
Alan Alvarez
  • 646
  • 2
  • 11
  • 32
1
vote
2 answers

tor not working with sqlmap

root@kali:~# sqlmap --tor --tor-type=SOCKS5 -u http://www.target.com/abc.php?cat=50 sqlmap/1.0-dev - automatic SQL injection and database takeover tool http://sqlmap.org [!] legal disclaimer: Usage of sqlmap for attacking targets without prior…
noob123
  • 11
  • 1
  • 3
1
vote
1 answer

sqlMapClient.startTransaction() - cases

Is it possible to use sqlMapClient.startTransaction(); and sqlMapClient.commitTransaction(); in the case of Select statements? I have given start and commit transaction for insert , update and select statement and somewhere I am getting an…
Sreevidya Aravind
  • 433
  • 1
  • 6
  • 18
1
vote
3 answers

Using two different versions of python but sqlmap needs 2.7

I've recently started using sqlmap and found out it needs python2.7. I installed 2.7 and added it to my PATH along with 3.4. My current path looks like this: c:\Other-Programs\;c:\Python27;c:\Python34 So When I try to run sqlmap i follow these…
Mr.Smithyyy
  • 2,157
  • 12
  • 49
  • 95
1
vote
0 answers

SQLMap not showing output in command prompt

I am having a strange issue with SQLMap. It seems to be outputting text but it is not visible. I know it is outputting text because I can actually copy it and paste it somewhere else to see it. This is what it looks like: The large black area is…
Slava Knyazev
  • 5,377
  • 1
  • 22
  • 43
1
vote
1 answer

SQLMAP - appears to be injectable, but it does not

Is my site vulnerable to sql injection or not? I don't get the "UNION injectable" on all of my pages, but I get it in the user profile should I be worried? It says 'u' is not injectable in the end. Thanks
Alice
  • 701
  • 1
  • 5
  • 17
0
votes
1 answer

How to authenticate Central Authentication Service(CAS) with sqlmap?

I have a problem with CAS. I have a website which has several applications based on CAS and I want to do some SqlInjection tests in order to close holes in the system as much as possible. But because of the ticket system of CAS, I couldn't pass the…
0xmtn
  • 2,625
  • 5
  • 27
  • 53
0
votes
0 answers

sqlmap cut last 2 symbols of MD5 hash password. Hach the box

I have my blackbox machine, with sql injection. But when i try to see md5 hash of password, i got only 30 symbols. How can i fix it? [00:13:15] [ERROR] unable to retrieve the number of columns for table 'users' in database 'test_task' [00:13:15]…
Oleg Shilkin
  • 1
0
votes
0 answers

How to resolve sqlmap error: [CRITICAL] page not found (404)

I'm currently testing my own website with SQLMap, every time when I want to enter the URL this comes up: [*] starting @ 19:26:01 /2023-07-24/ [19:26:02] [INFO] testing connection to the target URL [19:26:02] [CRITICAL] page not found (404) it is…
t200b
  • 1
  • 2
0
votes
0 answers

How to create user in mysql with sqlmap?

Is it possible to create a mysql user using sqlmap? Look if the user is root@localhost, it would have all the permissions since this is dbm I tried some statements such as the execution of the CREATE command within the sql
Krypton612
  • 1
0
votes
1 answer

SQLMAP post data error persists even after changing the requested file

I was trying to run sqlmap with method POST but I got this error: [CRITICAL] no parameter(s) found for testing in the provided data (e.g. GET parameter 'id' in 'www.site.com/index.php?id=1') even though I have provided the parameter in the…
Joginder Singh
  • 1
1 2 3
8 9