[DEBUG] got HTTP error code: 500 on boolean-based blind #607
Comments
|
Alright , but at the end it didn't succeed. it shows this error on level=1 to level=5 with risk=3 [06:20:30] [WARNING] GET parameter 'Page' is not injectable i cant do this manually. is their is another suggestions to complete this.i was thinking that it might be some waf installed. |
You have a bad premise. If software like |
the Uniscan project http://uniscan.sourceforge.net/ also identified that its blind sqli. |
@stamparm Bro , i have checked it manually , its blind Sql Injection wait for delay in post content,i have checked it manually!!.The testing Post parameters are in user name form field, which is .. username'; waitfor delay '00:00:10' -- by doing this it get respond after 10 seconds, now plz help me to do the rest of the queries using sqlmap, in order to get database. waiting for your reply thanks. |
thanks i got it ! |
asadmalik786 so maby u can share you exp how did u finished that attack? |
yeah...we will be happy to hear something new...Like bb1ox1bb says :-) |
Hello , i need some help in doing blind sql injections and i'm facing this error "[DEBUG] got HTTP error code: 500 (Internal Server Error)" when sqlmap checks payloads against url.
My Target is:-
Server: Microsoft-IIS/7.5
Retrieved x-powered-by header: ASP.NET
Retrieved x-aspnet-version header: 2.0.50727
I USED THESE SWITCHES WITH SQLMAP.
-v 4 --parse-errors --banner --dbs --random-agent --level=5 --risk=3
and it shows HTTP 500 Error as shown below.
[...]
[07:11:15] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[07:11:15] [WARNING] parsed DBMS error message: 'System.ArgumentException: parsing "Page=2)..[""']'(" - Too many )'s.'
[07:11:15] [WARNING] heuristic (basic) test shows that GET parameter 'Page' might not be injectable
[07:11:15] [INFO] testing for SQL injection on GET parameter 'Page'
[07:11:15] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[07:11:15] [PAYLOAD] 2) AND 8998=5058
[..]
Target is confirm vulnerable to blind Sql Injections, bug found by acunetix and Uniscan project.kindly help me regarding this that how can i do perfect injection using sqlmap. i tried --hex but didn't succeed.
PS : i got this from NIKTO.
Server banner has changed from 'Microsoft-IIS/7.5' to 'Microsoft-HTTPAPI/2.0' which may suggest a WAF, load balancer or proxy is in place.
waiting for your reply.
The text was updated successfully, but these errors were encountered: