Week 30 - SQLMap Debugging
What would you rather see? Your mother-in-law at your door unannounced, or the below sqlmap error:
[WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[CRITICAL] unable to retrieve the number of ___
This error used to haunt me during engagements. I would often just append '--no-cast' and hope for the best, until I learned a much better technique that, in my experience, can solve this problem most of the time.
Typically, this issue occurs when dumping data with Blind SQLi. sqlmap has trouble telling a valid character (True response) from an invalid one (False response). To solve this problem, we must tell sqlmap EXACTLY how to determine a True response. To do this, we can use the flags ‘--string’ and ‘--code’.
--string => Specify a portion of text returned in the HTTP response when the query is true
--code => HTTP status code returned when the query is true
I frequently use the ‘--string’ flag and specify some text returned only in the True page, which can often be found in the HTML of the server response. The ‘--code’ flag is also useful if you’re dealing with a SQLi whose False page is a 500 status code (syntax error).
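As an added example (not from the original post), the Python sketch below compares responses captured for known-True and known-False conditions and reports which text is safe to pass to ‘--string’ and whether the status code alone is enough for ‘--code’. The sample responses are constructed, and the helper names `string_candidates` and `code_candidate` are hypothetical.

```python
import re

# Constructed sample responses as (status, body). The csrf token and timestamp
# change on every request, so they can never serve as a True marker.
TRUE_PAGES = [
    (200, '<html><body><span>csrf=a91f03</span><h1>Catalog</h1>'
          '<div class="item">Blue Widget: in stock</div><p>Rendered 10:01:22</p></body></html>'),
    (200, '<html><body><span>csrf=77c2de</span><h1>Catalog</h1>'
          '<div class="item">Blue Widget: in stock</div><p>Rendered 10:01:27</p></body></html>'),
]
FALSE_PAGES = [
    (200, '<html><body><span>csrf=5b0e44</span><h1>Catalog</h1>'
          '<div class="empty">No items found</div><p>Rendered 10:01:31</p></body></html>'),
    (500, '<html><body><h1>Server Error</h1><p>Rendered 10:01:40</p></body></html>'),
]

def text_fragments(body):
    """Text between tags, trimmed; fragments under 6 characters are dropped."""
    return {t.strip() for t in re.findall(r">([^<>]+)<", body) if len(t.strip()) >= 6}

def string_candidates(true_pages, false_pages):
    """Fragments present in every True body and absent from every False body."""
    common = set.intersection(*(text_fragments(body) for _, body in true_pages))
    unique = [f for f in common if not any(f in body for _, body in false_pages)]
    return sorted(unique, key=lambda f: (-len(f), f))  # longest first, stable order

def code_candidate(true_pages, false_pages):
    """Status code shared by all True responses and by no False response, else None."""
    true_codes = {status for status, _ in true_pages}
    if len(true_codes) != 1:
        return None
    code = next(iter(true_codes))
    return None if any(status == code for status, _ in false_pages) else code

if __name__ == "__main__":
    # False page can also be a 200: only a string marker separates the two cases.
    print("--string candidates:", string_candidates(TRUE_PAGES, FALSE_PAGES))
    print("--code candidate:   ", code_candidate(TRUE_PAGES, FALSE_PAGES))
    # False page is always the 500 error page: the status code is sufficient.
    print("--code (500-only):  ", code_candidate(TRUE_PAGES, FALSE_PAGES[1:]))
```
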
Now you won’t have any more issues dumping data!