Return to forum

technologykailm · November 25, 2022 at 9:24 PM

Hey Guys! I found time based SQL injection in my university website. I am trying to extract the tables and records using sqlmap but it is taking so much time. Is there any other ways to extract tables and database? It is using Microsoft SQL and IIS

Amphibia · November 25, 2022 at 9:24 PM

are you hacking them for a A+

pine · November 25, 2022 at 9:25 PM

Try increasing thread count.

--threads=5

technologykailm · November 25, 2022 at 9:42 PM

(November 25, 2022, 09:24 PM)Amphibia Wrote: are you hacking them for a A+

Na not for grades it's an attendance system portal for teachers

(November 25, 2022, 09:25 PM)pine Wrote: Try increasing thread count.

--threads=5

It won't help in time based SQL injection. I have tried it

Nutroid · November 26, 2022 at 5:04 AM

Persistence parameter could help, like increasing number o threads

HozeV13 · November 27, 2022 at 1:43 AM

(November 25, 2022, 09:24 PM)technologykailm Wrote: Hey Guys! I found time based SQL injection in my university website. I am trying to extract the tables and records using sqlmap but it is taking so much time. Is there any other ways to extract tables and database? It is using Microsoft SQL and IIS

Just specify the db name it said to u and the thechnique

bokuyan · November 28, 2022 at 7:29 AM

if you dont have schema name you can force system to give an error. you may see schema name from there.