Re: [sqlmap-users] Basic injection not working... Help.
Brought to you by:
inquisb
From: Bernardo D. A. G. <ber...@gm...> - 2009-09-17 16:54:12
|
Hi Tristan, I said AND 1=1 and AND 1=2. sqlmap does this test. It does not do AND 1 nor AND 0. By the way, the detection phase in sqlmap is in process to be totally rewritten because at this time it misses many cases. Cheers, Bernardo On Thu, Sep 17, 2009 at 17:49, Tristan Foureur <tri...@gm...> wrote: > Hi bernardo, > > Thanks for your reply, > > Yes, I'm allowed to test this website. Hmm... I don't understand that such a > complex program doesn't find this parameter vulnerable, cause it DO works > with AND 1 and it DOESNT work with AND 0. > > I will also try to use the --string option. -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: 0x05F5A30F |