sqlmap

sqlmap copied to clipboard

unable to retrive table/column names after getting database type and name in webgoat: sql injection (advanced)_Assigment 5

4

**Describe the bug** i was able to get the database type = "HSQLDB" and database name = "PUBLIC" by using --current-db, but when i trying to retrive the table/column names...

James-Lu-none

# Overview `Twitter` changed the name of the service to `X`. So we changed the `Twitter` string to `X`!! # Question I have more than 5 files that have been...

goemon564

**Is your feature request related to a problem? Please describe.** No Hi, it should be cool to inject into parameters if they are encoded into base64 and content type of:...

ggt

Incorrect payload location marking in Multipart forms

1

**Describe the bug** Currently sqlmap is trying to mark all fields in multipart forms which is leading to corruption of file contents. this is dumped by adding `print(conf.data)` after line...

rohitkumarankam

Outputs a json file in this format: ```json { "url": "http://testphp.vulnweb.com/artists.php", "query": "artist=1", "data": null, "injections": [ { "parameter": "artist", "paramtype": "GET", "injection": [ { "type": "boolean-based blind", "payload": "artist=1...

bkbilly-intrack

I want the result of --sql-query to be saved as a CSV file.

6

Hi! How are you doing? I don't know if I can make this request without a 1 dollar sponsor. I would love to see sponsor marks on future my GitHub...

Nzoth9

Change the dump file name to `tablename-columnname-index.csv` This method can differentiate between situations where a table exports different columns, whereas adding the sequence number to the file name does not...

guohuan78

**Running environment:** - sqlmap version: 1.7.1.4#dev - Installation method: git - Operating system: MacOS - Python version [e.g. 3.9.6] **Target details:** - MySQL - Union Based --- Hi, @stamparm! How...

Nzoth9

Hi, Sqlmap ver: 1.8.4.5#dev did not detect PostgreSQL time based despite successful manual testing in Burp Suite with this payload: ``` {"id":"'and(select'1'from/**/pg_sleep(5))::text>'"} ``` my sqlmap command : ``` python3 sqlmap.py...

whlpentest

Hi @stamparm sorry for bothering you i found that vuln on json param1 but its triple encoded base64 Example : `GET /list?id=WlhsS2QxbFlTbWhpVkVWcFQybEplazFUU1hOSmJrSm9ZMjFHZEUxcFNUWkpibEpzWXpOUmFVeERTbmRaV0Vwb1lsUk5hVTlwU2pCYVdFNHdTVzR3UFE9PQ==` when i decode 3x `GET /list?id={"param1":"31","param2":"test","param3":"test"}` then i...

M-Tofla