Re: [sqlmap-users] A thought about boolean based injection
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] A thought about boolean based injection
|
From: Miroslav S. <mir...@gm...> - 2012-07-07 09:45:22
|
Hi. We had that one but we removed it (actually I am the one that did it). Please take a close look at https://github.com/sqlmapproject/sqlmap/issues/70. Kind regards, Miroslav Stampar On Sat, Jul 7, 2012 at 11:19 AM, <du...@al...> wrote: > So, I came to think about this scenario, and I haven't been able to > really get it to work with sqlmap. > > You have a page where, when injecting something like ?someparam=1' AND > 1='1 gives you the "normal expected page" (like a news article or > something). > And ?someparam=1' AND 1='2 gives you the exact same page, but with an > extra line of text saying something (like an error or a debug message > for example). > > So, the first one would give > > "This is a news message" > > While the second, false statement, would give > > "[Debug, something went wrong, blabla etc] > This is a news message" > > > How would I go about getting sqlmap to recognize that as a regular > boolean based injection? > It can use a time based injection in this case, but I want it to see > the other alternative as well, as I know it is there. > > Is this somehow possible? > > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar http://about.me/stamparm |
