Re: [sqlmap-users] Blind SQL Injection
From: Bernardo D. A. G. <ber...@gm...> - 2010-04-29 10:57:28
Please read the user's manual (doc/README.pdf) carefully for details on --string.

Bernardo

On Fri, Mar 26, 2010 at 16:36, Pagera <pag...@gm...> wrote:
> Hello,
>
> It didn't work.
>
> What I'm trying to do is:
> sqlmap -u "http://example.com/images.php?id=10" --string="id"
>
> The URL is vulnerable cuz when I use the browser with
>
> http://example.com/images.php?id=10 and 1=2
> I'm able to see the MySQL error, and I tried many functions like
> version() and it works.
> I also used
> http://example.com/images.php?id=10 union select
> 1,2,3,group_concat(table_name),5,6,7 from information_schema.tables
> and I got the table names.
>
> But when using sqlmap there is nothing; it acts like the URL is not
> vulnerable.
> I also used --prefix="id" --postfix="1=1"
>
> and also nothing.
>
> David Guimaraes wrote:
>> Try passing --string parameter to sqlmap.
>>
>> --string=STRING String to match in page when the query is valid
>>
>> On Thu, Mar 25, 2010 at 6:18 PM, Pagera <pag...@gm...> wrote:
>>
>> Hello and hope fine.
>> Thanks Bernardo for the DirBuster.
>>
>> A question about blind SQL injection:
>> does sqlmap support this mode?
>>
>> I used --UNION-USE but it failed. I have a vulnerable URL;
>> I'm able to view all database information by manipulating the HTTP URL
>> like "version()", etc.,
>> but when I'm using sqlmap the result is that this URL is not
>> vulnerable!!!
>>
>> I'm wondering if it's cuz of not supporting blind mode?
>>
>> And thanks for the help.
>>
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>> --
>> David Gomes Guimarães

--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F