Questions tagged [sqlmap]

sqlmap is an "Automatic SQL injection and database takeover tool". It can be used to detect flaws in any software with an underlying SQL database.

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

128 questions
0
votes
1 answer

Get bytes of encoded non-printable string

When I dump table entries with sqlmap with the --hex key, I get the bytes of the password hash correctly, but PowerShell represents these bytes as a string. All non-printable characters are escaped and I get these bytes as…
0
votes
1 answer

SQLMap remake in JavaScript? Possible?

I am trying to expand my JavaScript knowledge about web requests and the way it communicates with external applications. I am wondering if it is possible to make use of the xhr object in order to make a basic sqlmap alternative(*SQLmap is a tool…
Theof
0
votes
0 answers

myBatis ORACLE - trying to load a temporary table and then run a select statement against it

The example below was greatly simplified to illustrate the problem I am facing. What I am trying to do is to load an ORACLE temporary table and then run a query against that table using myBatis. It's quite possible I am forgetting some basics of…
DaveB
0
votes
1 answer

the meaning of the instruction

I found this code in sqlmap project https://github.com/sqlmapproject/sqlmap/blob/master/lib/core/datatype.py . I don't understand the meaning of calling the constructor AttribDict.__init__(self) class InjectionDict(AttribDict): def…
user3140467
0
votes
1 answer

How SQLMAP fetches tables, columns from the database?

I have understood how SQLMAP checks for vulnerabilities, but now I'm fascinated about how, after getting the vulnerability, SQLMAP fetches the databases, tables, columns. I tried to understand by looking at their GitHub repo but still.
0
votes
1 answer

sqlmap emulate Login Sequence for Webapplication

I hope this is the right place for my question. Is it possible to submit a login sequence with sqlmap for a web application that does not provide a real session cookie? In the web browser there is only a PHPSESSION ID and if I copy this to the --cookie…
Der Admin81
0
votes
1 answer

SQL injection on clean url

I would like to test my website for SQL injection using sqlmap. I'm using mod_rewrite and my URL looks like this: http://www.example.com/forum/&nav_page=1 (where nav_page is the parameter name and 1 is value) The problem I'm having is that I can't…
user3090543
0
votes
1 answer

dynamically change the database name in SqlMapConfig.xml file

I want to change the database name in the SqlMapConfig.xml file from the application. Can anyone help me?
premashree
0
votes
1 answer

sqlmap not retrieving information when using TOR

I'm doing a simple test using sqlmap and TOR, and while the command without using TOR retrieves all the names of the tables, when I add the options --tor --tor-port=9151 it returns empty names or cannot return any tables. I'm using Python 2.7,…
JTatie
0
votes
1 answer

set a map to a parameterclass in iBatis

what's the difference between setting a map and setting an object to a parameterClass in iBatis? means, UPDATE city SET province_id = #province_id# WHERE id = #id# and
user2660234
0
votes
1 answer

Sqlmap inline parameters

Hi, I've just heard about an error in CakePHP that allows SQL injection: https://twitter.com/cakephp/status/328610604778651649 I was trying to test my site using sqlmap, but I can't find how to specify the params. The URL I am testing…
Tim
0
votes
1 answer

Comparing Date in Java String form with JDBC DATE type

I need to define a SQL XML in iBatis where a date is being compared. The date which is compared is a DATE JDBC object and the date received from the Java object is a string. How should I convert the string to a date, or how should I compare the two? Thanks
user1484793
0
votes
1 answer

Block sqlmap injection request via iptables/firewall

I was checking the security on my server, RHEL-5. I was running sqlmap and it went through smoothly via the iptables firewall. I want to block the sqlmap injection via the firewall, so if anybody tries the same it should be blocked in the firewall.
niraj vara
-1
votes
1 answer

Is this javascript vulnerable to SQL Injection?

I am using node-postgres library. const sql = ` SELECT * FROM "Employees" where employee_id = '${employee_id}' ; `; console.log(`Query formatted: ${sql}`); const result = await this.db.run(sql) // DB Run method looks like this async…
-1
votes
1 answer

sql inject in sqlmap what can I do for this

I have a problem with this piece of code ate and had a few with me please help, what can I do for this problem
zill