Why SQLMap Doesn’t Attack Specified Parameter?

I am new to SQLMap. I have set up Kali and OWASPBWA VMs. Both VMs are on the same NAT Network set in VirtualBox.

When I try to run the following command:

sqlmap -u "http://<IP_ADDRESS>/mutillidae/index.php?page=user-info.php?username=111&password=bbb&user-info-php-submit-button=View+Account+Details" -p username 

I get the following messages:

  • Previous heuristics detected that the target is protected by some kind of WAF/IPS.
  • Multiple messages – Unable to connect to the targeturl. sqlmap is trying to reconnect.
  • heuristics test shows that GET parameter ‘username’ might not be injectable.

There are several YouTube videos which display the same setup with the above 2 VMs, and are able to run the command and find injection in the username parameter. What am I doing wrong? Please help.

sqlmap won’t give me results I’m looking for

I am trying to use sqlmap. Although every time I use it, I just get a response of:

[13:39:11] [CRITICAL] previous heuristics detected that the target is protected by some kind of WAF/IPS
[13:39:11] [INFO] testing if the target URL content is stable
[13:39:12] [INFO] target URL content is stable
[13:39:12] [CRITICAL] no parameter(s) found for testing in the provided data (e.g. GET parameter 'id' in 'www.site.com/index.php?id=1'). You are advised to rerun with '--forms --crawl=2'
[*] ending @ 13:39:12 /2020-07-29/

I’m using the websites I find in the tutorials. But I always get this message. If not, it keeps asking me for stuff and then doesn’t work. Please help me. Here’s the command I use: ‘python sqlmap.py -u "Enter-website-here"’. Here’s the tutorial I’m using: https://www.binarytides.com/sqlmap-hacking-tutorial/

Sqlmap does not detect error-based injection

I am working on Hack the VM (hard machine) for my OSCP preparation.

There is a web app with two drop down boxes.. Year and month.. both contain numbers and a submit to fetch data from DB based on year and month

Now when I change the month value from 2,3,4,5 etc to /

I get this as an error

"You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'AND MONTH(our_date) = 1 ORDER BY our_date DESC' at line 1"

Which I believe is error-based SQL injection.

The problem is when I try this in SQLMAP, I tried to increase the risk and level.. I don't get that the parameter is injectable..

If I change the value of month to 1' OR 1 = 1# , I get 502 bad gateway

How could I move on?

I read this link but not so helpful.


SQLmap automation

I’m automating SQL injection using sqlmap. Is there someone who managed to parse sqlmap console output to only report critical findings (vulnerable pages to SQL injection)?

The tool doesn’t support output as JSON, and running the tool as API server, the results are in JSON format but it still reports all findings (basically converting all console output to JSON file).

Is there an efficient way to automate the SQLmap tool that I’m not aware of?
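
One way to do the filtering asked about above, as an added example that is not part of the original post and not sqlmap's own code. It assumes the console line layout shown in the excerpts on this page (`[HH:MM:SS] [LEVEL] message`) with plain ASCII quotes; the function names are hypothetical and `SAMPLE` is constructed from those excerpts.

```python
import re

# Console line layout seen in the excerpts on this page: [HH:MM:SS] [LEVEL] message
LINE_RE = re.compile(r"^\[(\d{2}:\d{2}:\d{2})\] \[([A-Z]+)\] (.*)$")
# Wording of the positive-finding message quoted on this page.
FINDING_RE = re.compile(
    r"^(?P<place>.+?) parameter '(?P<param>[^']+)' "
    r"appears to be '(?P<technique>[^']+)' injectable"
)

# Constructed sample: lines copied from the console excerpts on this page.
SAMPLE = """\
[13:39:11] [CRITICAL] previous heuristics detected that the target is protected by some kind of WAF/IPS
[13:39:11] [INFO] testing if the target URL content is stable
[13:39:12] [INFO] target URL content is stable
[22:25:10] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[22:25:10] [INFO] GET parameter 'id' appears to be 'AND boolean-based blind - WHERE or HAVING clause' injectable (with --code=200)
[*] ending @ 13:39:12 /2020-07-29/
"""

def parse_lines(text):
    """Yield (time, level, message) for every well-formed console line."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:  # banner lines such as "[*] ending @ ..." are skipped
            yield m.groups()

def findings(text):
    """Return one dict per reported injectable parameter, de-duplicated."""
    seen, out = set(), []
    for time, _level, msg in parse_lines(text):
        m = FINDING_RE.match(msg)
        if not m:
            continue
        key = (m["place"], m["param"], m["technique"])
        if key not in seen:
            seen.add(key)
            out.append({"time": time, **m.groupdict()})
    return out

def blockers(text):
    """CRITICAL lines usually explain why a run produced no findings."""
    return [msg for _, level, msg in parse_lines(text) if level == "CRITICAL"]

if __name__ == "__main__":
    for f in findings(SAMPLE):
        print(f"{f['place']} {f['param']}: {f['technique']}")
    for b in blockers(SAMPLE):
        print("blocked:", b)
```
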

SQLMap Cookie Injection with Working Manual SQLi

I’m using an existing exploit which calls for a cookie called wp_sap to be set with the following value:

["1650149780')) OR 1=2 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,@@version,11#"] 

This works great manually. Now, I’d like to be able to use this within SQLMap to enumerate the database automatically but have been struggling. I’ve tried the following variations to no avail.

sqlmap --cookie "wp_sap=[\"1650149780')) OR 1=2 " -u http://sandbox.local -p "wp_sap" --dbms "MariaDB" --suffix "#]" --level 5 --technique U -proxy

sqlmap --cookie="wp_sap=*" -u http://sandbox.local -p "wp_sap" --dbms="MariaDB" --prefix "[\"1650149780')) OR 1=2" --suffix "11#]" --level 5 --technique U -proxy

sqlmap --cookie="wp_sap=[\"1650149780')) OR 1=2 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,*" -u http://sandbox.local -p "wp_sap" --dbms="MariaDB" --suffix ",11#]" --level 5 --technique U -proxy

I’d really appreciate some help to get this working.

Sqlmap waf bypass

This is my first post here, sorry for my English.

I'm making some tests, because I want to learn more about SQL injection. I'm not really good at manual SQL injection, so I'm using sqlmap.

What I know about my target is: ASP.NET application, MySQL database, powered by Plesk and probably ModSecurity WAF. There is a WAF; I'm not sure it is ModSecurity, but Plesk uses it.

I'm sure some URLs are vulnerable. But you can reach the vulnerable URLs only as a logged-in user. And when I try to use sqlmap, my ASP session gets instantly killed.

What I have tested and works better:

--skip-waf, because the sqlmap WAF test triggers the WAF and my session was killed.

--delay 7/8 seconds

--tamper="modsecurityversioned,randomcomments,between" makes the test last longer, but the last test crashes on a payload with the = character.

Can I have some suggestions? What is the most undetected method? Blind, time, error? Tamper suggestions?


SQLmap finds injectable ‘id’ parameter but the response is ‘Internal Server Error’

I am trying to understand the SQLi so I ran SQLMap with ‘-vvv’ parameter

4: Show also HTTP requests.

I did scan one of the vulnerable and ‘free to hack’ sites. In one of the requests sent, the response from SQLmap was:

[22:25:10] [DEBUG] got HTTP error code: 500 ('Internal Server Error')

[22:25:10] [INFO] GET parameter 'id' appears to be 'AND boolean-based blind - WHERE or HAVING clause' injectable (with --code=200)

I tried to use same payload GET /showforum.asp?id=1%20AND%20%28SELECT%20CHR%28116%29%7C%7CCHR%28100%29%7C%7CCHR%2885%29%7C%7CCHR%28111%29%20FROM%20SYSIBM.SYSDUMMY1%29%3D%27tdUo%27 in Burp but it keeps throwing me 500 error.

Can someone explain to me how exactly SQLmap came to the conclusion that the parameter ID is injectable, while there was an error? I tried to compare different 500 error responses, but there is no difference between this specific payload and other ones.

Any answer will be appreciated, thanks.

SQLMAP Redirect using XAMPP

I am learning SQLi using sqlmap and XAMPP. I set it up the same way as per the tutorial, but when I run sqlmap.py -u "http://localhost/bwapp/sqli_1.php?title=1*", I get a 302 redirect to http://localhost:80/bwapp/login.php, and when I click either yes or no, I get the error “you have not declared cookies, while server wants to set its own….”. May I know how to solve this issue?

sqlmap: Test injection in Basic Authentication?

I have been trying to make sqlmap test the username parameter in a fake login page that uses basic authentication. However I cannot make it test the Authentication header via the asterisk trick:

sqlmap --auth-type "BASIC" --auth-cred="*:pass" --level 5 --risk 3 --method POST -u http://fake_endpoint.local/ --proxy 

I receive at the proxy only one login attempt with literally *:pass (b64: KjpwYXNz)

POST http://fake_endpoint.local/ HTTP/1.1
Content-Length: 0
Authorization: Basic KjpwYXNz
Cache-Control: no-cache
User-Agent: sqlmap/1.4.3#stable (http://sqlmap.org)
Referer: http://fake_endpoint.local/
Host: fake_endpoint.local
Accept: */*
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Connection: close

Any ideas if this is feasible through sqlmap?