[sqlmap-users] Injection into columns list

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Evening all,

I had an SQL injection into a MySQL5-based web application the other week
which involved me having control over the column list being selected.  I
tried sqlmap against the URL, but it didn't find the injection point.  I
tried again,  taking the --level and --risk a little higher, but still
nothing.

In the end, I manually exploited it using a sub-select. Was I doing
something wrong with sqlmap, or will it not identify injection points like
that?  I can provide an example of the query the application was using if
this helps.

Regards,

Matt