How I Found 5 SQL Injections Using 3 Tools
Hi, no time for hello! I was sitting in my office today. I was working from home, then I decided that I needed to go to the office. I was working on one issue, then I thought: for a while, let's make some mess.
The reason I am writing this article: I think it's time to tell you how we can keep up with the times. I have been using my own scripts and tools for a long time. Some of the simple ones I provided you in a previous lecture.
In this one I am not going to show you in a video, the reason being there were a lot of other things that I found using some automated testing tools. As you all know, I teach you basic-level testing, which is much, much better than other people who make a fool of you in YouTube videos.
For this attack I use 3 tools:
- Nmap
- OWASP ZAP (Zed Attack Proxy)
- SQLmap
OWASP ZAP:
OWASP ZAP has 2 major roles in this testing. I used it just for scanning. However, I use ZAP on Windows; it will work better, because it works in a better way. Maybe you are good with another OS.
For scanning it was not too bad, but I scanned in depth with OWASP ZAP, with the AJAX Spider, including Attack Mode.

The page results were successfully manipulated using the boolean conditions [da1f9ce0bd5544c7cab987682f11f100cf0428d807d72b1cf40f4c5ff949c367" AND "1"="1" -- ] and [da1f9ce0bd5544c7cab987682f11f100cf0428d807d72b1cf40f4c5ff949c367" OR "1"="1" -- ]
The parameter value being modified was stripped from the HTML output for the purposes of the comparison
Data was NOT returned for the original parameter.
The vulnerability was detected by successfully retrieving more data than originally returned, by manipulating the parameter
After scanning I got some more information, that was a
da1f9ce0bd5544c7cab987682f11f100cf0428d807d72b1cf40f4c5ff949c367" AND "1"="1"
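The boolean comparison ZAP reports above, reproduced as an added example (not code from the original post) against an in-memory SQLite table, with the same lookup written once with string concatenation and once with a bound parameter. The table, column and function names are hypothetical, the rows are constructed, and the suffixes use single quotes (SQLite's string delimiter) where the alert shows double quotes.

```python
import sqlite3


def make_db():
    # Constructed sample data; "docs", "token" and "title" are hypothetical names.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE docs (token TEXT, title TEXT)")
    db.executemany(
        "INSERT INTO docs VALUES (?, ?)",
        [("aaa111", "invoice"), ("bbb222", "payroll"), ("ccc333", "contract")],
    )
    return db


def lookup_vulnerable(db, token):
    # Concatenation: quote characters inside `token` become part of the SQL text.
    sql = "SELECT title FROM docs WHERE token = '" + token + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_parameterized(db, token):
    # Placeholder binding: `token` is always compared as one string value.
    sql = "SELECT title FROM docs WHERE token = ?"
    return [row[0] for row in db.execute(sql, (token,))]


def boolean_check(lookup, db, value):
    """Repeat the alert's comparison: original value vs. AND-true vs. OR-true."""
    base = lookup(db, value)
    and_true = lookup(db, value + "' AND '1'='1' -- ")
    or_true = lookup(db, value + "' OR '1'='1' -- ")
    return {
        "base": len(base),
        "and_true": len(and_true),
        "or_true": len(or_true),
        # More rows than the original request means the suffix changed the query.
        "injectable": len(or_true) > len(base),
    }


if __name__ == "__main__":
    db = make_db()
    # A value that matches no row, like the alert's "Data was NOT returned".
    print("concatenated :", boolean_check(lookup_vulnerable, db, "no-such-token"))
    print("parameterized:", boolean_check(lookup_parameterized, db, "no-such-token"))
```

Run as a regression test against a real query function, `boolean_check` should report the same row count for all three inputs once the query uses bound parameters.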
Nmap:
Nmap was the tool that allowed me to find the right target for myself. This command looks small, but it has so much power that it can filter the list of IPs. I was on target.
When you scan with this command with Nmap, please give the IP range before -iR.
nmap -v -iR .x.x.x.x..x.x