[sqlmap-users] sql injection doesn't work
From: alfonso c. <alf...@gm...> - 2009-03-08 17:02:37
Hi list,

I'm using sqlmap with a website created ad-hoc (Apache/2.2.9 (Ubuntu) PHP/5.2.6-2ubuntu4.1 with Suhosin-Patch, mysql Ver 14.12 Distrib 5.0.67, for debian-linux-gnu (i486) using readline 5.2).

The simple and insecure PHP code:

...
...
$query = "SELECT id from $db_table where username = '$username'";
$result = mysql_query($query);
while ($row = mysql_fetch_array($result)){
    print "$row[0]<br>";
}
...
...

The MySQL table:

mysql> show columns from tbl_test;
+----------+-------------+------+-----+---------+----------------+
| Field    | Type        | Null | Key | Default | Extra          |
+----------+-------------+------+-----+---------+----------------+
| id       | int(10)     | NO   | PRI | NULL    | auto_increment |
| username | varchar(20) | NO   |     | NULL    |                |
| password | varchar(20) | NO   |     | NULL    |                |
+----------+-------------+------+-----+---------+----------------+

get_magic_quotes_gpc = Off

Now, I can do a SQL injection attack with ' or 1=1-'

http://127.0.0.1/test/test_sql.php?username=username1%27%20or%201=1-%27

but with sqlmap...

...
...
[17:58:58] [WARNING] GET parameter 'username' is not injectable

I've also tried with --prefix "'" --postfix "'OR 1=1--'" etc... but nothing.

Any hints?

Thank you,
AL
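
A hardened form of the lookup shown in the message above, added here as an example; it is not part of the original post and is not sqlmap code. Assumptions: PDO is used in place of the `mysql_*` functions, an in-memory SQLite database stands in for the MySQL server so the script runs offline, the sample rows are constructed, and `safe_table()` and `find_ids()` are hypothetical helper names.

```php
<?php
// Added example, not the poster's code. Assumption: an in-memory SQLite
// database stands in for MySQL; with MySQL only the PDO DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data matching the tbl_test layout from the post.
$pdo->exec('CREATE TABLE tbl_test (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    username VARCHAR(20) NOT NULL,
    password VARCHAR(20) NOT NULL)');
$pdo->exec("INSERT INTO tbl_test (username, password) VALUES
    ('username1', 'constructed-1'), ('username2', 'constructed-2')");

// Identifiers cannot be bound as parameters, so the table name is
// checked against a fixed allowlist (hypothetical helper).
function safe_table(string $name): string {
    $allowed = ['tbl_test'];
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException('unknown table');
    }
    return $name;
}

// Same lookup as in the post, but the username is bound as data and
// never concatenated into the SQL text (hypothetical helper).
function find_ids(PDO $pdo, string $db_table, string $username): array {
    $sql = 'SELECT id FROM ' . safe_table($db_table) . ' WHERE username = ?';
    $stmt = $pdo->prepare($sql);
    $stmt->execute([$username]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// In the web script the value would come from $_GET['username'].
// The second input is the string from the post; it is compared as a
// literal username and matches no row.
$inputs = ['username1', "username1' or 1=1-'"];
foreach ($inputs as $username) {
    $ids = find_ids($pdo, 'tbl_test', $username);
    echo htmlspecialchars($username, ENT_QUOTES, 'UTF-8'),
         ' => ', count($ids), " row(s)\n";
    foreach ($ids as $id) {
        // Escape on output as well, as the original prints into HTML.
        echo htmlspecialchars((string) $id, ENT_QUOTES, 'UTF-8'), "<br>\n";
    }
}
```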