Re: [sqlmap-users] Basic injection not working... Help.
From: Ryan D. <rya...@gm...> - 2009-09-17 16:10:16
Busted!

2009/9/17 Patrick Webster <pa...@au...>:
> It is probably not a good idea to attack http://www.siig.fr
>
> -Patrick
>
> On Fri, Sep 18, 2009 at 2:04 AM, Tristan Foureur <tri...@gm...> wrote:
>>
>> Hello,
>>
>> I don't know why but a really really basic injection is not detected. The
>> URL is like www.host.com?news_id=270&zone_id=4 and when I'm doing
>>
>> www.host.com?news_id=270&zone_id=4 OR 1 it displays every news, when I'm
>> doing news_id=270 AND 0 it displays no news. When I'm doing news_id=270
>> THISISATEST it displays a mysql error.
>>
>> So it's definitely injectable and that's not a "rare" type of injection.
>>
>> Now I would like to learn to use sqlmap to find these injections and how
>> to use it, but when I'm doing this:
>>
>> sqlmap.exe -u "http://www.siig.fr/fr/consnews2.php?news_id=270&zone_id=4" -v 1
>>
>> It says that both news_id and zone_id aren't injectable! I tried using
>> the -p parameter like that: -p zone_id but it doesn't change anything.
>>
>> I don't think that sqlmap can't detect such basic injections, so could you
>> tell me what are the proper parameters to detect something simple like that,
>> and then how to exploit it?
>>
>> Thanks :)
>>
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users