SQLMap - Bypassing Web Application Protections - case 9 and case 11

Hi there, I am seeking help/assistance on bypassing Web Application Protections - case 9 and case 11.

I am using or trying case 9
sqlmap -u "http://206.189.114.209:30142/case9.php?id=1*&uid=1842984375" --randomize=uid --batch -v 5 --tables --dump | grep URI

Case 11: I tried a bunch of others, all of them don't seem to work.
sqlmap -u "http://165.227.225.180:32243/case11.php" --data='id=1' --tamper=apostrophemask,greater --batch --tables

Thank you…

I haven’t finished 11 yet, but I can tell you that you have too many switches for case 9. You don’t need the pipe grep URI or v 5 --tables. I hope that helps. Oh, and put dump before batch.

2 Likes

I’ve run into a problem here as well.

I got through cases 1 to 10 quite easily, but no matter what I do, I only get a boolean-based blind and a time-based blind. I cannot seem to find the proper tamper script to get a union-based query working.

I’ve tried greatest, least, between, etc.
I’ve tried level 5 and risk 3

Does anyone have a little hint for me?

Thanks