[sqlmap-users] A thought about boolean based injection
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] A thought about boolean based injection
|
From: <du...@al...> - 2012-07-07 09:19:49
|
So, I came to think about this scenario, and I haven't been able to really get it to work with sqlmap. You have a page where, when injecting something like ?someparam=1' AND 1='1 gives you the "normal expected page" (like a news article or something). And ?someparam=1' AND 1='2 gives you the exact same page, but with an extra line of text saying something (like an error or a debug message for example). So, the first one would give "This is a news message" While the second, false statement, would give "[Debug, something went wrong, blabla etc] This is a news message" How would I go about getting sqlmap to recognize that as a regular boolean based injection? It can use a time based injection in this case, but I want it to see the other alternative as well, as I know it is there. Is this somehow possible? |
