[sqlmap-users] Injection in Basic Authentication
From: DNC <sq...@hu...> - 2012-05-25 17:13:55
Hello All,

Is it possible to inject into Basic Auth information?

I am in this situation:

On the Basic Auth login, if I put:

x' AND 1=(SELECT COUNT(*) FROM users); --

I get as a reply:

*You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '--' AND pass = 'test'' at line 1*

On the Basic Auth pass, if I put the same:

x' AND 1=(SELECT COUNT(*) FROM users); --

I get as a reply:

*You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '--'' at line 1*

As I am kind of bad at SQL queries, I tried to automate it with SQLMap with this command:

./sqlmap.py -u http://test.com/folder/file.php --auth-type=Basic --auth-cred=*:admin --level=5 --risk=3 --user-agent="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"

It stops on:

not authorized, try to provide right HTTP authentication type and valid credentials (401)

Is there a way to make it work anyway?

Regards,
DNC
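For whoever maintains an application that behaves like the one in this report, here is an added example (not part of the original post and not sqlmap code) of how the decoded Basic Auth fields end up as SQL syntax when concatenated, next to a bound-parameter lookup that treats them as data. Assumptions: sqlite3 stands in for MySQL so the block runs offline, the `user`, `salt` and `pwhash` column names are hypothetical, and the account is constructed.

```python
import base64, hashlib, hmac, os, sqlite3

PAGE_INPUT = "x' AND 1=(SELECT COUNT(*) FROM users); --"  # string quoted in the post

def header_for(user, password):
    """Build the Authorization header a client would send."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def parse_basic(header):
    """Return (user, password) from an Authorization header, or None if malformed."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    user, sep, password = decoded.partition(":")  # first colon separates the fields
    return (user, password) if sep else None

def concatenated_sql(user, password):
    # Query shape implied by the error text in the post. Built for inspection only,
    # never executed: the quote in `user` closes the literal early.
    return f"SELECT 1 FROM users WHERE user = '{user}' AND pass = '{password}'"

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_db():
    """In-memory database with one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user TEXT PRIMARY KEY, salt BLOB, pwhash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("admin", salt, _hash("s3cret-constructed", salt)))
    return db

def authenticate(db, header):
    """Hardened check: bound parameter for the lookup, salted hash for the password."""
    creds = parse_basic(header)
    if creds is None:
        return False
    user, password = creds
    row = db.execute("SELECT salt, pwhash FROM users WHERE user = ?", (user,)).fetchone()
    # Hash even when the user is unknown so both paths do the same work.
    salt, stored = row if row else (b"\0" * 16, b"")
    return hmac.compare_digest(_hash(password, salt), stored) and row is not None
```

With the bound parameter, the string from the post produces a plain authentication failure instead of a database syntax error, and the error text is never returned to the client.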