Re: [sqlmap-users] Basic injection not working... Help.
From: Erik N. <da...@gm...> - 2009-09-17 16:16:14

LOL!

On Thu, Sep 17, 2009 at 6:10 PM, Ryan Dewhurst <rya...@gm...> wrote:
> Busted!
>
> 2009/9/17 Patrick Webster <pa...@au...>:
>> It is probably not a good idea to attack http://www.siig.fr
>>
>> -Patrick
>>
>> On Fri, Sep 18, 2009 at 2:04 AM, Tristan Foureur <tri...@gm...> wrote:
>>>
>>> Hello,
>>>
>>> I don't know why but a really really basic injection is not detected. The
>>> URL is like www.host.com?news_id=270&zone_id=4 and when I'm doing
>>>
>>> www.host.com?news_id=270&zone_id=4 OR 1 it displays every news, when I'm
>>> doing news_id=270 AND 0 it displays no news. When I'm doing news_id=270
>>> THISISATEST it displays a mysql error.
>>>
>>> So it's definitely injectable and that's not a "rare" type of injection.
>>>
>>> Now I would like to learn to use sqlmap to find these injections and how
>>> to use it but when I'm doing this:
>>>
>>> sqlmap.exe -u "http://www.siig.fr/fr/consnews2.php?news_id=270&zone_id=4" -v 1
>>>
>>> It says that both news_id and zone_id aren't injectable! I tried using
>>> the -p parameter like that: -p zone_id but it doesn't change anything.
>>>
>>> I don't think that sqlmap can't detect such basic injections, so could you
>>> tell me what are the proper parameters to detect something simple like that,
>>> and then how to exploit it?
>>>
>>> Thanks :)
>>>
>>> _______________________________________________
>>> sqlmap-users mailing list
>>> sql...@li...
>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users