Page 95 - Hands-On Bug Hunting for Penetration Testers
SQL, Code Injection, and Scanners Chapter 5
When we use this dork to search Google, our first result returns a URL containing
index.jsp:
http://www.examplesite.com/index.jsp?idPagina=12
We can see the site is making a GET request, passing a parameter identifying the page
visited (idPagina). Let's check that and see if it's vulnerable, which we can do by passing
the URL to sqlmap.
sqlmap -u "http://www.examplesite.com/index.jsp?idPagina=12"
This is a valid sqlmap command. The cool thing about the tool is that it also supports an
option for dorks, -g, which makes it possible to pass a string of the dork you'd like to search
(instead of doing the search manually):
sqlmap -g 'inurl:index.jsp? intext:"some company title"'
In this instance, TRMNBQ will use that dork to search Google and then take the results from
the first page and analyze them one-by-one, prompting you each time to ask if you want to
analyze the URL, skip it, or quit.
Taking the results from just the first search result (the one we targeted directly by passing
the URL to sqlmap via -u), we can see both time-based and error-based SQLi
vulnerabilities:
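As an added example (not from the book), the defender's counterpart to the finding above: a small Python checker that reads access-log lines for the examplesite.com endpoint and flags the request shapes that time-based and error-based probing of idPagina produces, along with the sqlmap User-Agent and the 500s an error-based probe tends to trigger. The log lines, the "sqlmap/1.7" UA string and the assumption that idPagina is always an integer are constructed for the example.

```python
import re
from typing import List, Optional
from urllib.parse import parse_qs, urlparse
# Constructed combined-format access-log lines for the examplesite.com endpoint
# from the text; the payload shapes and "sqlmap/1.7" UA are illustrative.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.jsp?idPagina=12 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2023:13:55:40 +0000] "GET /index.jsp?idPagina=12%27 HTTP/1.1" 500 812 "-" "sqlmap/1.7"
203.0.113.9 - - [10/Oct/2023:13:55:41 +0000] "GET /index.jsp?idPagina=12%20AND%20SLEEP(5) HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2023:13:55:47 +0000] "GET /index.jsp?idPagina=12%20AND%201%3D1 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
"""
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Shapes that time-based and error/boolean-based SQLi probes rely on.
TIME_BASED = re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.I)
ERROR_OR_BOOLEAN = re.compile(r"['\"]|\b(and|or)\b\s+\S+\s*=\s*\S+|--|/\*", re.I)
# Assumption: the application only ever expects an integer page id here.
INTEGER_PARAMS = {"idPagina"}

def classify(line: str) -> Optional[dict]:
    """Parse one log line; return None if it is not in combined format."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    params = parse_qs(urlparse(m["target"]).query)  # values are percent-decoded
    reasons = []
    if "sqlmap" in m["ua"].lower():
        reasons.append("sqlmap user-agent")
    for name, values in params.items():
        for value in values:
            if TIME_BASED.search(value):
                reasons.append(f"time-based payload in {name}")
            elif ERROR_OR_BOOLEAN.search(value):
                reasons.append(f"error/boolean payload in {name}")
            elif name in INTEGER_PARAMS and not value.isdigit():
                reasons.append(f"non-integer value for {name}")
    if m["status"] == "500" and reasons:
        reasons.append("server error on tampered request")  # error-based symptom
    return {"ip": m["ip"], "status": m["status"], "reasons": reasons}

def scan(log_text: str) -> List[dict]:
    # One record per request that triggered at least one reason.
    hits = []
    for line in log_text.splitlines():
        rec = classify(line)
        if rec and rec["reasons"]:
            hits.append(rec)
    return hits
```

The benign first line is dropped, so `scan(SAMPLE_LOG)` returns three records: the quote-tampered request (with the sqlmap UA and 500), the SLEEP() probe, and the boolean AND 1=1 probe.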