Hi, There is a website that is vulnerable to sqli but it only accepts ( ،,._-%*+=÷:@؛- ) keywords and alphabet and numbers in post and get requests. I know there’s a sqli bug but i have to get deeper so please help me to bypass this problem. It will be a good thing if there is something that I can use in sqlmap.

Thank you

I have tried multiple scrips but for some reason they all dont work, i dont know if im picking the wrong IP, the wrong networking for my virtual machine or what. But can someone please give me a script that might work, I have tried scripts from hak5 but they dont seem to work.

Scripts I’ve used: https://github.com/hak5/usbrubberducky-payloads/tree/master/payloads/library/remote_access/Netcat-Reverseshell-On-Log-In

https://github.com/FreeLesio/Rubber-Ducky-Reverse-Shell

I seem to get this error when using these:

ConPtyShellException: [-] ConPtyShellException: WSAConnect failed with error code: 10061

at ConPtyShell.connectRemote(String remoteIp, Int32 remotePort)

at ConPtyShell.SpawnConPtyShell(String remoteIp, Int32 remotePort, UInt32 rows, UInt32 cols, String commandLine, Boolean upgradeShell)

at ConPtyShellMainClass.ConPtyShellMain(String[] args)

With this script https://github.com/OwNuT/Rubber-Ducky-Scripts/blob/main/ReverseShell/payload everything seems to work fine on the victim machine but it says its connected to local host and when I go on attacker machine (kali linux VM) nothing seems to be connected.

(SORRY FOR SO MUCH I JUST REALLY WANT THIS TO WORK OUT)

Hey there I’m trying to figure out the contents of a file in .vdb (it should be a database file) however whenever I try to open the contents I amgreeted with garbled text and no clear formation

Has anyone had experience with vdb files?