[sqlmap-users] Simple failed injection
From: Stephen S. <ss...@ss...> - 2012-09-14 18:09:02
Hi all,

Trying to do a (simple) injection with sqlmap, and I can't seem to coax it into getting it right. The PHP source looks something like:

    $res = mysql_query("SELECT userid, custname, custemail, owing FROM custdata AS cd WHERE cd.userid = (SELECT userid FROM ccc_users AS cu WHERE sessionid = '{$_COOKIE['sesh']}')");

and then it displays the fields it pulled out.

The command(s) I've tried look something like:

    ./sqlmap.py -u site.com/script.php --cookie="sesh=1" --cookie-urlencode --level=5 --risk=5

However, the only injection point it finds is AND/OR time-based blind, which is horribly slow. Of course, manually, I can do a

    sesh=')%20UNION%20select%201,2,3,4%20--%20

or similar, so I'm definitely able to pull out results.

Anything I can do to push sqlmap in the right direction?

Thanks,
ss23
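Added example, not part of the original post: the same nested query run once with the cookie pasted into the SQL text and once with it bound as a parameter, showing why the manual value above works and how binding stops it. It assumes an in-memory SQLite database standing in for MySQL; the table rows and the function names are constructed for illustration.

```python
import sqlite3

# Query shape taken from the post; {} marks where the cookie value goes.
QUERY = ("SELECT userid, custname, custemail, owing FROM custdata AS cd "
         "WHERE cd.userid = (SELECT userid FROM ccc_users AS cu "
         "WHERE sessionid = {})")

# URL-decoded form of the cookie value quoted in the post.
PAYLOAD = "') UNION select 1,2,3,4 -- "


def make_db():
    """Build a throwaway database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE ccc_users (userid INTEGER, sessionid TEXT);
        CREATE TABLE custdata (userid INTEGER, custname TEXT,
                               custemail TEXT, owing REAL);
        INSERT INTO ccc_users VALUES (7, 'abc123');
        INSERT INTO custdata VALUES (7, 'Alice Example',
                                     'alice@example.test', 12.5);
    """)
    return db


def lookup_concatenated(db, sesh):
    # Same pattern as the PHP: the cookie becomes part of the SQL text, so a
    # quote plus a closing parenthesis in it ends the subquery early.
    return db.execute(QUERY.format("'" + sesh + "'")).fetchall()


def lookup_bound(db, sesh):
    # Hardened form: the cookie is a bound parameter and is only ever
    # compared as a string against sessionid.
    return db.execute(QUERY.format("?"), (sesh,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("concatenated:", lookup_concatenated(db, PAYLOAD))
    print("bound:       ", lookup_bound(db, PAYLOAD))
```

In PHP the bound form corresponds to a prepared statement (PDO or mysqli) with the cookie passed as a parameter instead of being interpolated into the query string.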