Re: [sqlmap-users] sqlmap bug
Brought to you by:
inquisb
From: Bernardo D. A. G. <ber...@gm...> - 2009-02-01 10:02:20
|
Hi Joe, Joe wrote: > I'm having problems with sqlmap. I've confirmed the bug manually with > union all select, but sqlmap is still reporting it as a blind hole. Did you check manually for the UNION query SQL injection using only NULL chars or did you really confirm it by inject a string or number in one/some of the NULLs? > Additionally: I get this message: > ... > File "lib\techniques\blind\inference.pyc", line 233, in bisection > File "lib\techniques\blind\inference.pyc", line 102, in getChar Try with the latest development release from subversion repository and let us know. By the way, in this latest release you can also choose the technique to detect the UNION injection, with option --union-tech, please refer to the updated user's manual for details. Cheers, -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobiles: +39-3493821385 (IT), +44-(0)7788962949 (UK) PGP Key ID: 0x05F5A30F |