Re: [sqlmap-users] SQLmap doesn't find union sql injection
From: Bernardo D. A. G. <ber...@gm...> - 2010-02-12 14:39:48
Hi,

On Fri, Feb 12, 2010 at 14:31, <rez...@se...> wrote:
> ...
> http://www.osa.cz/page4.php?t=-1%20UNION%20ALL%20SELECT%201,2,3,4,version%28%29,6,7,8,9
>
> So I ran these two commands:
>
> $ sqlmap.py -u "http://www.XXX.ZZZ.YYY/noticias_show.php?id=2868" --union-test
>
> and
>
> $ sqlmap.py -u "http://www.XXX.ZZZ/page4.php?t=129" --union-test
>
> In the first case, sqlmap correctly tells me that the site is vulnerable to
> union sql injection. That's good. But in the second case sqlmap tells me
> that the site isn't vulnerable to that kind of sql injection in spite of the
> fact that it is (see the link above). These two scenarios look very similar
> to me, so my question is, where is the problem and why can't sqlmap find
> union sql injection in the second case? Thank you.

First of all, do NOT post real sites in the mailing list and I recommend
you not hack random sites without written permission.

I see from your example that you provide digits from 1 to test for UNION
query SQL injection; sqlmap uses NULLs, maybe some field in the original
SELECT statement can't be NULL.

The detection of UNION, along with all the rest of the SQL injection
techniques, will be totally re-engineered after the 0.8 stable release, so we
will also cover this type of detection.

--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F
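On the defensive side, both probe styles mentioned in this message (numbered columns, as in the quoted URL, and NULL columns, as the reply says sqlmap sends) can be flagged in web server logs. The Python sketch below is an added example, not part of the original message or of sqlmap; the function names and the sample request paths are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# UNION [ALL] SELECT followed by its column list
UNION_RE = re.compile(r"\bunion\s+(?:all\s+)?select\s+(.+)", re.I | re.S)
# Anything after the column list: a FROM clause or a trailing SQL comment
TRAILER_RE = re.compile(r"\s+from\b.*|\s*(?:--|#|/\*).*", re.I | re.S)

def split_columns(expr):
    """Split a select list on commas that are not inside parentheses."""
    cols, depth, cur = [], 0, ""
    for ch in expr:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth = max(depth - 1, 0)
        if ch == "," and depth == 0:
            cols.append(cur.strip())
            cur = ""
        else:
            cur += ch
    cols.append(cur.strip())
    return cols

def classify_union_probe(url):
    """Return probe details for a logged URL, or None if it is not a probe."""
    match = UNION_RE.search(unquote_plus(url))
    if not match:
        return None
    cols = split_columns(TRAILER_RE.sub("", match.group(1)))
    nulls = sum(c.upper() == "NULL" for c in cols)
    digits = sum(c.isdigit() for c in cols)
    if not nulls and not digits:
        return None  # e.g. the words "union select" inside a search phrase
    style = "mixed" if nulls and digits else "null" if nulls else "numeric"
    exprs = [c for c in cols if c.upper() != "NULL" and not c.isdigit()]
    return {"style": style, "columns": len(cols), "expressions": exprs}

# Constructed sample log entries (request paths only, no host)
SAMPLES = [
    "/page4.php?t=-1%20UNION%20ALL%20SELECT%201,2,3,4,version%28%29,6,7,8,9",
    "/page4.php?t=129%20UNION%20ALL%20SELECT%20NULL,NULL,NULL--%20",
    "/page4.php?t=129",
    "/search.php?q=student+union+select+committee",
]
if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify_union_probe(sample), sample)
```

The `expressions` field lists the non-filler columns, which shows what data the request tried to read and is usually the most useful part for triage.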