I have never used sqlmap with this complex of a web app/request. I believe I have a SQLi vulnerability in my HTTP Referer header, based on a vulnerability scan and a BurpSuite active scan, so I want to validate it and establish a proof of concept with sqlmap. Unfortunately I am unable to get the correct sqlmap syntax working.
Initially I was trying to use specific sqlmap switches, but now I am just trying to use the -r (request file) switch and pass the entire request to sqlmap. I've used BurpSuite and have captured the request and am trying to pass that to sqlmap. What am I doing wrong?
Request File: pag-RequestFile.txt

Host: check.system.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Adf-Ads-Page-Id: 1
Adf-Rich-Message: true
Content-Length: 475
Origin: https://check.system.com
DNT: 1
Connection: close
Referer: https://check.system.com/firm/portal/JL/AuthGateway
Cookie: JSESSIONID=_44oAwtEJs_vLGvk0s1CyQk7D7DTfPf6iZDe6li8ovmzBGbHLlwH!-2049888132; adfc12c_part_flag=Mon Jun 01 2020 17:22:33 GMT-0500 (Central Daylight Time); adfc12c_partvalue_flag=B; adfc12c_disclaimer_flag=Mon Jun 01 2020 17:22:33 GMT-0500 (Central Daylight Time); NSC_nfejdbsf-uftu.opwjubt_443=ffffffff093578e145525d5f4f58455e445a4a422851

question=&mbl.contextURL=%2Fspaces%2FJL&org.apache.myfaces.trinidad.faces.FORM=f1&Adf-Window-Id=w12mtp5iznm&javax.faces.ViewState=!1dsy5dmr6i&Adf-Page-Id=0&event=T%3Adclay%3Aoc_1394867853rLdUf11%3Ab1&event.T:dclay:oc_1394867853rLdUf11:b1=%3Cm+xmlns%3D%22http%3A%2F%2Foracle.com%2FrichClient%2Fcomm%22%3E%3Ck+v%3D%22type%22%3E%3Cs%3Eaction%3C%2Fs%3E%3C%2Fk%3E%3C%2Fm%3E&oracle.adf.view.rich.PROCESS=T%3Adclay%3Aoc_1394867853rLdUf11%2CT%3Adclay%3Aoc_1394867853rLdUf11%3Ab1

/house/gw/sqlmap-data# sqlmap -r pag-RequestFile.txt

[10:32:50] [INFO] parsing HTTP request from 'pag-RequestFile.txt'
[10:32:50] [WARNING] provided value for parameter 'question' is empty. Please, always use only valid parameter values so sqlmap could be able to run properly
it appears that provided value for POST parameter 'event.T:dclay:oc_1394867853rLdUf11:b1' has boundaries. Do you want to inject inside? ('<m xmlns="http://oracle.com/richClient/comm"><k v="type"><s>action*</s></k></m>') [y/N]
[10:35:13] [INFO] testing connection to the target URL
got a 307 redirect to 'https://check.system.com/firm/portal/JL/AuthGateway?Adf-Window-Id=w12mtp5iznm&Adf-Page-Id=0'. Do you want to follow? [Y/n]
redirect is a result of a POST request. Do you want to resend original POST data to a new location? [Y/n]
[10:35:27] [INFO] testing if the target URL content is stable
[10:35:27] [WARNING] POST parameter 'question' does not appear to be dynamic
[10:35:27] [WARNING] heuristic (basic) test shows that POST parameter 'question' might not be injectable
[10:35:27] [INFO] testing for SQL injection on POST parameter 'question'
[10:35:27] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[10:35:27] [INFO] testing 'Boolean-based blind - Parameter replace (original value)'
[10:35:27] [WARNING] turning off pre-connect mechanism because of connection reset(s)
[10:35:27] [WARNING] there is a possibility that the target (or WAF/IPS) is resetting 'suspicious' requests
[10:35:27] [CRITICAL] connection reset to the target URL. sqlmap is going to retry the request(s)
[10:35:27] [CRITICAL] connection reset to the target URL
[10:35:27] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[10:35:27] [CRITICAL] connection reset to the target URL. sqlmap is going to retry the request(s)
[10:35:27] [CRITICAL] connection reset to the target URL
[10:35:27] [CRITICAL] connection reset to the target URL. sqlmap is going to retry the request(s)
[10:35:27] [CRITICAL] connection reset to the target URL
[10:35:27] [CRITICAL] connection reset to the target URL. sqlmap is going to retry the request(s)
there seems to be a continuous problem with connection to the target. Are you sure that you want to continue? [y/N]
[10:35:56] [ERROR] user quit
[*] ending @ 10:35:56 /2020-05-18/
1) I thought I could use the request captured from Burp with no modifications. Am I correct?
2) The first WARNING indicates my question parameter is empty. It is in the request file, so why does sqlmap think it is empty? What is wrong with my syntax?
3) The first WARNING also refers to a provided value within the POST that has boundaries. What the heck is this?
4) The next WARNING indicates the possibility of a WAF/IPS. Is this causing my issue?
Thanks in advance for any help/assistance/suggestions.