[sqlmap-users] Blind SQL-Injection and re-authentication
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] Blind SQL-Injection and re-authentication
|
From: Jeremy M. <vi...@gm...> - 2011-06-09 15:19:42
|
Hi, during my pentests I've found several Blind SQL Injection that could be exploited just by authenticated users (I obviously mean web authentication not NTLM/Basic authentication). In most of these cases, a FALSE boolean response of a sql injection logged the user off, and I needed re-authenticate to launch the exploit again. Is there a way to configure sqlmap to re-authenticate automatically in case of a FALSE response? Some sort of a two step injection (authentication + injection) in particular cases (eg. FALSE response)? Best regards, Jeremy |
