Sqlmap Essentials Academy

Greetings all, I am stuck on the attack tuning portion of sqlmap essentials. Flag and Case #7 to be exact. I have tried many different flags based on what I have read so far in the course. Can someone help me out please? Thank you. The hint is "Try to count the number of columns in the page output, and specify them for sqlmap." How do I go about counting the columns?

When the HTML page is rendered, a certain number of columns is displayed based on the SQL response. Have a look at the webpage: either all columns are displayed or just a subset (2, 3, 4, 5 for example)…

So should I be targeting the columns that are displayed on the website then? I am pretty sure I found that it has 76 columns running sqlmap, but adding --union-cols=76 so far has not provided anything new, and is super slow to complete or times out. Thank you for the help!

Well, I found the flag, I am pretty confused as to why… I just did --batch --dump and that was it. I guess I was just way overcomplicating it?

At this point, you have to make an educated guess regarding the number of columns used as an input parameter for Sqlmap.
Looking at the webpage displaying the results of each query, it suggests the number of columns in the underlying table is less than 10.
When performing a manual SQL-injection, you would have to find that out via trial-and-error (see the module on SQL injections).

The hint didn’t really help.
I didn’t have to use --union-cols.
Instead, when I ran with -T flag7 --batch --dump it complained that I should use --no-cast or --hex. So I tried with --no-cast and it got the flag.