OP 02 June, 2020 - 09:08 PM
hi,
I probably found an SQL injection in a private web site and need some help with exploitation using sqlmap. I tried a lot but nothing seems to work. What I did so far:
- ran sqlmap against the affected post parameter including the session cookie
- sqlmap says parameter might be injectable, including xss
- changed level and risk
- used some tamper scripts to bypass ips (tamper/between.py,tamper/randomcase.py,tamper/space2comment.py,tamper/modsecurityversioned.py)
- ran sqlmap with proxychains to bypass blacklisting
If I search for te'st, the following error is reported:
Code:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'st%' limit 0,10' at line 3
As far as I understand, error reporting is fully enabled and I am in a select %like% statement.
What I can tell about the environment:
- centos 7
- apache2
- probably running mod_security and with proxy blacklisting (Tor isn't even able to contact the webserver)
- after a few 100 bad sqlmap requests, ip gets blacklisted
- mysql
- php custom application
If you can help me with this, I am offering 200$ in bitcoin as a reward. Contact me for proof if you need.
Thanks
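From the defending side, the error quoted in the post is what a search term concatenated into a `LIKE '%...%' limit 0,10` string produces, and the fix is a bound parameter plus escaped LIKE wildcards. The sketch below is an added example, not code from the post or from the application it describes; the `items` table, its rows, both function names and the in-memory SQLite database standing in for MySQL are assumptions made so that it runs offline.

```php
<?php
// Added example. Constructed data; sqlite::memory: stands in for the MySQL backend.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO items (name) VALUES ('test'), ('te''st'), ('100% cotton'), ('plain')");

// Vulnerable shape (hypothetical): the term becomes part of the SQL text,
// so a single quote ends the string literal and the rest is parsed as SQL.
function search_vulnerable(PDO $pdo, string $term): array
{
    $sql = "SELECT name FROM items WHERE name LIKE '%" . $term . "%' LIMIT 0,10";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened shape (hypothetical): the term is bound as data, and the LIKE
// wildcards % and _ are escaped with '!' so they match literally.
function search_safe(PDO $pdo, string $term): array
{
    // Escape the escape character first, then the wildcards.
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
    $stmt = $pdo->prepare(
        "SELECT name FROM items WHERE name LIKE :pat ESCAPE '!' LIMIT 0,10"
    );
    $stmt->execute([':pat' => '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

foreach (["te'st", "%"] as $term) {
    try {
        $concat = json_encode(search_vulnerable($pdo, $term));
    } catch (PDOException $e) {
        // Keep the database error in the server log; the client gets a generic message.
        error_log('search failed: ' . $e->getMessage());
        $concat = '"query failed"';
    }
    $bound = json_encode(search_safe($pdo, $term));
    echo "term=", json_encode($term), " concatenated=", $concat, " bound=", $bound, PHP_EOL;
}
```

On a production PHP host the same effect on error output comes from `display_errors = Off` with `log_errors = On` in php.ini, so a failing query never returns the database message to the client.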