Re: [sqlmap-users] Microsoft SQL 2008
From: Miroslav S. <mir...@gm...> - 2011-02-12 07:32:08
hi.

this is either some case of false positive or dynamicity problem. to resolve this either:

a) try --flush-session --text-only
or
b) --flush-session --string ....

please, find one string that is characteristic only to the TRUE page and use it with --string parameter

if a) and b) fail to find any injection then the problem is most definitely false positive. in that case please report with more details.

kr

On Sat, Feb 12, 2011 at 1:27 AM, Johnny Venter <Joh...@zo...> wrote:
> Here is a sample of output I receive when I request "--current-user":
>
> ?~t|r8p?@?~?xx?n?zt
>
> I am using version 0.9-dev.
>
> Boolean based blind is the type of injection that was found.
>
> On Feb 11, 2011, at 5:41 PM, Miroslav Stampar wrote:
>
>> hi Johnny.
>>
>> it's not normal behavior :)
>>
>> you haven't told which version are you using?
>>
>> kr
>>
>> On Fri, Feb 11, 2011 at 9:42 PM, Johnny Venter <Joh...@zo...> wrote:
>>> Whenever I try to enumerate information from a vulnerable web app (with SQL 2008 back-end), the information is garbled/unreadable.
>>>
>>> I am using SQLi blind method. Is there something I can do to convert the returned data or is this normal?
>>>
>>> Thanks, J
>>
>> --
>> Miroslav Stampar
>>
>> E-mail: miroslav.stampar (at) gmail.com
>> Alternate: miroslav.stampar (at) mail.ru
>> PGP Key ID: 0xB5397B1B
>> Location: Zagreb, Croatia

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
Alternate: miroslav.stampar (at) mail.ru
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia
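A simplified model of the dynamicity problem named in the reply above, added here as an illustration; it is not sqlmap's code and not part of the original message. The page layout, marker text, similarity threshold and decoded value are all constructed, and the three classifiers only mirror the ideas behind whole-page comparison, --text-only and --string.

```python
import difflib
import random
import re

SECRET = "dbo"            # constructed value that the simulated pages encode
MARKER = "Welcome back"   # constructed text present only on the TRUE page
THRESHOLD = 0.9           # assumed similarity cut-off for this model

def render(condition, rng):
    """Simulated response: a random per-request token sits inside the markup."""
    token = "".join(rng.choice("0123456789abcdef") for _ in range(400))
    text = MARKER if condition else "No results"
    return f'<html><body data-nonce="{token}"><p>{text}</p></body></html>'

def by_ratio(page, reference):
    """Whole-page similarity against a known-TRUE page."""
    return difflib.SequenceMatcher(None, page, reference).ratio() >= THRESHOLD

def by_text_only(page, reference):
    """Same comparison after dropping tags, so markup-level noise disappears."""
    strip = lambda html: re.sub(r"<[^>]*>", "", html)
    return by_ratio(strip(page), strip(reference))

def by_string(page, reference):
    """TRUE only if the characteristic string is present."""
    return MARKER in page

def decode(classify, seed=1):
    """Rebuild SECRET bit by bit from TRUE/FALSE decisions on simulated pages."""
    rng = random.Random(seed)
    reference = render(True, rng)           # known-TRUE page captured once
    out = []
    for ch in SECRET:
        value = 0
        for bit in range(7, -1, -1):
            page = render(bool(ord(ch) >> bit & 1), rng)
            value = value << 1 | classify(page, reference)
        out.append(chr(value))
    return "".join(out)

if __name__ == "__main__":
    for name, fn in [("ratio", by_ratio), ("text-only", by_text_only),
                     ("string", by_string)]:
        print(f"{name:9s} -> {decode(fn)!r}")
```

In this model the random token keeps every whole-page ratio below the threshold, so each bit is misjudged and the decoded value is unreadable, while the text-only and string classifiers recover it.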