HQLmap icon indicating copy to clipboard operation
HQLmap copied to clipboard

Published 20 hours ago verified publisher icon PaulSec

Eliminate False Positives

Open shipcod3 opened this issue 8 years ago • 0 comments

Hello @PaulSec ,

I tried running this one on my very own Apache Server which doesn't have a db on but just a static page and here is the output:

shipcod3@arfarf:~/pentest/HQLmap$ python HQLmap.py --url="http://localhost?id=jay" --param=id --tables --columns
[!] Table User has been found.
[!] Table Task has been found.
[!] Table News has been found.
[!] Table Test has been found.
[!] Column Id has been found in table Test
[!] Column Username has been found in table Test
[!] Column Password has been found in table Test
[!] Column Status has been found in table Test
[!] Column User_Id has been found in table Test
[!] Column Email has been found in table Test
[!] Column Firstname has been found in table Test
[!] Column Lastname has been found in table Test
[!] Column Id has been found in table News
[!] Column Username has been found in table News
[!] Column Password has been found in table News
[!] Column Status has been found in table News
[!] Column User_Id has been found in table News
[!] Column Email has been found in table News
[!] Column Firstname has been found in table News
[!] Column Lastname has been found in table News
[!] Column Id has been found in table Task
[!] Column Username has been found in table Task
[!] Column Password has been found in table Task
[!] Column Status has been found in table Task
[!] Column User_Id has been found in table Task
[!] Column Email has been found in table Task
[!] Column Firstname has been found in table Task
[!] Column Lastname has been found in table Task
[!] Column Id has been found in table User
[!] Column Username has been found in table User
[!] Column Password has been found in table User
[!] Column Status has been found in table User
[!] Column User_Id has been found in table User
[!] Column Email has been found in table User
[!] Column Firstname has been found in table User
[!] Column Lastname has been found in table User

I guess on 200 status code pages, it just gives the default tables and columns. I tried this one and Google and it has the same output.

shipcod3 avatar Mar 30 '16 16:03 shipcod3