[sqlmap-users] Does sqlmap have support for injection without quotes?
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] Does sqlmap have support for injection without quotes?
|
From: Nikola T. <735...@gm...> - 2014-06-16 14:12:17
|
There are times when the query being executed is something like: *'SELECT content FROM pages WHERE ID=' . $_GET['page_id'] . ' LIMIT 1'* I have noticed support for double quotes but sqlmap did not seem to be able to exploit a sample web app I setup locally that did not use quotes. The command I used was: *./sqlmap.py -u http://localhost/numeric_injection.php?id=1 <http://localhost/numeric_injection.php?id=1> --level 5 --risk 3 -v2 --threads 5 --dbms mysql --random-agent -o --dump-all* Is there something wrong with the way commentI am running sqlmap or is this just not a feature yet? |
