I’m solving this challenge/lab where SQLi is inside the cookie parameter. After solving it manually, I thought to check if it can extract data. I used sqlmap with --cookie=COOKIE*
(Notice *
that’s the marker to tell sqlmap about the injection point) and --level=2
(Level 2 means look for flaws in cookie parameters along with GET and POST para)
python3 sqlmap.py -u {URL} --cookie=COOKIE* --level=2
It detects the vulnerability. However, if I use --dbs
it tells me the back-end DBMS is PostgreSQL
and --dbs: command not found
--dbs
is a valid option to look for database, I don’t understand why its not working.
My assumption is it’s because of one of the two reasons
- You can’t use sqlmap to extract data if the attack is blind or
- There is another option to extract data in the case of blind attack and you can’t use
--dbs
Could someone point me to right direction, where am I going wrong?