Re: [sqlmap-users] Injection into columns list
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Injection into columns list
|
From: Miroslav S. <mir...@gm...> - 2012-07-24 22:48:45
|
Hi Troy. More info is required for sure. You mean that you just need a (SELECT...)/subquery type of injection? This is something that we are aware that we need to do. Kind regards, Miroslav Stampar On Jul 24, 2012 11:18 PM, "Troy B" <pow...@gm...> wrote: > Evening all, > > I had an SQL injection into a MySQL5-based web application the other week > which involved me having control over the column list being selected. I > tried sqlmap against the URL, but it didn't find the injection point. I > tried again, taking the --level and --risk a little higher, but still > nothing. > > In the end, I manually exploited it using a sub-select. Was I doing > something wrong with sqlmap, or will it not identify injection points like > that? I can provide an example of the query the application was using if > this helps. > > Regards, > > Matt > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > |
