Re: [sqlmap-users] POST injection
From: Bernardo D. A. G. <ber...@gm...> - 2011-05-09 09:19:55
Hi James,

On 8 May 2011 21:33, <ja...@ev...> wrote:
> Hi,
>
> I was recently messing around with another scanner and I found an
> injection I'd like to play around with in Sqlmap.
>
> The injection found is a POST to something.asp and it's "
> action=login&login=whatever'=sleep(15)='&password= ". I verified it
> manually and it's good to go, however I've not yet been able to get
> SQLmap to detect and exploit it.

I don't get the payload. Is it literally: whatever'=sleep(15=' ?
If so, those two equal signs do not look to me like valid SQL.
Can you check with the other scanner what exact payload got injected?
What is the back-end DBMS?

Thank you.

--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F