[sqlmap-users] 0.9 vs 1.0 r4395 - Injection point lost ?
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] 0.9 vs 1.0 r4395 - Injection point lost ?
|
From: Kafeine <sq...@hu...> - 2011-10-07 01:30:56
|
Hello all,
I used Sqlmap (sourceforge file 0.9) to test a lab botnet C&C control panel
page.
Sqlmap found an injection.
[09:30:15] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 10993
HTTP(s) requests:
---
Place: Referer
Parameter: Referer
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: http://192.168.186.166:80/mypage.php) AND 1234=1234
---
I was not able to send a payload file on the server, after trying to create
a writeable folder, etc.., i checked related problem on internet.
Look like sqlmap saw a Linux where it was a windows (even when i forced
--os="Windows") I read that this was an issue that was solved... i updated
to SVN version. 1.0 r4395
After that the session was not usable anymore...so i run the scan again from
scratch and it look like it can't find this injection point anymore.
How is this possible ?
How can i make it find/validate this injection again ?
Regards
(sorry for my english...)
Kafeine
|
