I am trying to complete an SQL injection CTF here.
I confirmed that just adding a single ' mark at the end of the URL caused a MySQL syntax error, and following this tutorial, I could complete this challenge without any automated tools.
Here is the sqlmap command I used:
sudo sqlmap -u "https://www.zixem.altervista.org/SQLi/level1.php?id=1" --dbs
Here is the 403 error output:
[19:29:51] [INFO] testing connection to the target URL
[19:29:51] [WARNING] potential permission problems detected ('Access denied')
[19:29:51] [WARNING] the web server responded with an HTTP error code (403) which could interfere with the results of the tests
[19:29:51] [INFO] testing if the target URL content is stable
[19:29:51] [WARNING] target URL content is not stable (i.e. content differs). sqlmap will base the page comparison on a sequence matcher. If no dynamic nor injectable parameters are detected, or in case of junk results, refer to user's manual paragraph 'Page comparison'
how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit]
I have tried pressing continue; however, the tool always fails due to the 403 error. The above command worked perfectly for other SQL injection challenges.
Does anyone know how to resolve this?