Re: [sqlmap-users] stunned
From: Miroslav S. <mir...@gm...> - 2011-02-08 21:55:11
..and why are you stunned ciccio?

On Tue, Feb 8, 2011 at 10:54 PM, Miroslav Stampar <mir...@gm...> wrote:
> have you tried different levels (--level)?
>
> have you tried different risks (--risk)?
>
> in plainspeak:
> higher level = more techniques
> higher risk = more prefix/postfix combinations
>
> kr
>
> On Tue, Feb 8, 2011 at 10:50 PM, ciccio panzino
> <cic...@gm...> wrote:
>> Hi, I've manually tested several sites which give me a typical ODBC
>> MS-SQL syntax error with a simple tick inserted in the POST login
>> parameters. Again, when I perform different payloads like "union select
>> blabla" the error message changes and shows me I'm interacting effectively
>> with the db.
>> BUT if I perform a simple test with sqlmap -u www.foo.bar/login.asp
>> --method=post --data=par1=val1&par2=val2 -p par1 it tells me par1 is not
>> injectable (while manually it is). Why doesn't sqlmap see the vuln?
>> Where am I wrong?
>> Again, if in the data option I put a normal value for par1 (like asdf),
>> sqlmap tells me "the parameter par 1 is not dynamic" and shuts down, while
>> if I put a tick directly after the asdf value in the data option, sqlmap
>> sees it as "dynamic" and starts the tests (with a "not injectable"
>> response at the end)
>> help plz
>> thks
>> mariuolo
>
> --
> Miroslav Stampar
>
> E-mail: miroslav.stampar (at) gmail.com
> Alternate: miroslav.stampar (at) mail.ru
> PGP Key ID: 0xB5397B1B
> Location: Zagreb, Croatia

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
Alternate: miroslav.stampar (at) mail.ru
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia