Re: [sqlmap-users] stunned
From: Miroslav S. <mir...@gm...> - 2011-02-08 22:10:40
aha, now i see: "sqlmap tells me "the parameter par 1 is not dynamic" and shuts down"

you are using 0.8 right? please update to the latest version (0.9/dev) from our repository:

svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev

we've fixed some minor stuff till then :)

kr

On Tue, Feb 8, 2011 at 10:55 PM, Miroslav Stampar <mir...@gm...> wrote:
> ..and why are you stunned ciccio?
>
> On Tue, Feb 8, 2011 at 10:54 PM, Miroslav Stampar
> <mir...@gm...> wrote:
>> have you tried different levels (--level)?
>>
>> have you tried different risks (--risk)?
>>
>> in plainspeak:
>> higher level = more techniques
>> higher risk = more prefix/postfix combinations
>>
>> kr
>>
>> On Tue, Feb 8, 2011 at 10:50 PM, ciccio panzino
>> <cic...@gm...> wrote:
>>> Hi, I've tested manually several sites which give me a typical ODBC
>>> MS-SQL syntax error with a simple tick inserted in the POST login
>>> parameters. Again, when I perform different payloads like "union select
>>> blabla" the error message changes and shows me I'm interacting effectively
>>> with the db.
>>> BUT if I perform a simple test with sqlmap -u www.foo.bar/login.asp
>>> --method=post --data=par1=val1&par2=val2 -p par1 it tells me par1 is not
>>> injectable (while manually it is). Why doesn't sqlmap see the vuln?
>>> Where am I wrong?
>>> Again, if in the data option I put a normal value for par1 (like asdf),
>>> sqlmap tells me "the parameter par 1 is not dynamic" and shuts down, while
>>> if I put a tick directly after the asdf value in the data option, sqlmap
>>> sees it as "dynamic" and starts the tests (with a "not injectable"
>>> response at the end)
>>> help plz
>>> thks
>>> mariuolo
>>
>> --
>> Miroslav Stampar
>>
>> E-mail: miroslav.stampar (at) gmail.com
>> Alternate: miroslav.stampar (at) mail.ru
>> PGP Key ID: 0xB5397B1B
>> Location: Zagreb, Croatia