[sqlmap-users] Weird payload generated
From: Raphael G. <rap...@gm...> - 2013-10-02 12:29:49
Hi,

sqlmap/1.0-dev-25eca9d

I can't manage to get sqlmap to generate the right payload!

Here is my entry point (dbms = MSSQL). I got this with manual tries in Burp:

param value: (select name from sysusers where udi=-1)
- if the select returns no value => HTTP request returns 200
- otherwise returns 302 to an error page

So with param value: (select name from sysusers where udi=-1 or 1=1) => returns error
With param value: (select name from sysusers where udi=-1 or 1=2) => returns 200

I thought I could make sqlmap find a boolean-based blind test with OR statements, so I tried this command:

    ./sqlmap.py -r myreq.txt -p param --level=3 --risk=3 --prefix="(select name from sysusers where udi=-1 " --suffix=")"

Nothing is found, but when I look at the generated payloads, I get:

    [PAYLOAD] -9402(select name from sysusers where udi=-1 OR (9544=9561))

So I always get a number generated before my command.

Where am I wrong?

Thanks