Re: [sqlmap-users] detecting blind sql injection vulnerabilities in non-text output pages
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] detecting blind sql injection vulnerabilities in non-text output pages
|
From: Bernardo D. A. G. <ber...@gm...> - 2011-02-21 22:44:18
|
At the moment it has no support for these responses. It is in our todo though. Bernardo Damele A. G. This message was sent from a smartphone On 21 Feb 2011, at 21:56, "bu...@gm..." <bu...@gm...> wrote: > Hi, > > I have a blind sql injection vulnerability that results in different > pictures (content type img/png - no html) depending if true or false. > The size of the picture in terms of bytes and resolution does not > change. The content and their hash (e.g. MD5) does. > > It seams that sqlmap is not able to detect the vulnerability. > I provided the backend dbms (Oracle) via --dbms and tried it also with > --level 5. > > How does sqlmap compair non-html responses? Does it calculate hashes or > does it just look on response size if the reply is not text/html? > > thanks! (using r3351) > > ------------------------------------------------------------------------------ > Index, Search & Analyze Logs and other IT data in Real-Time with Splunk > Collect, index and harness all the fast moving IT data generated by your > applications, servers and devices whether physical, virtual or in the cloud. > Deliver compliance at lower cost and gain new business insights. > Free Software Download: http://p.sf.net/sfu/splunk-dev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users |
