Re: [sqlmap-users] Does sqlmap have support for injection without quotes?
From: Miroslav S. <mir...@gm...> - 2014-06-17 11:23:10
Hi.

I believe that you are doing something wrong (on the PHP side). Can you please post the complete PHP used in your case? Also, do you get anything when you use --parse-errors?

Kind regards,
Miroslav Stampar

On Mon, Jun 16, 2014 at 4:12 PM, Nikola Tesla <735...@gm...> wrote:

> There are times when the query being executed is something like:
> *'SELECT content FROM pages WHERE ID=' . $_GET['page_id'] . ' LIMIT 1'*
>
> I have noticed support for double quotes but sqlmap did not seem to be
> able to exploit a sample web app I set up locally that did not use quotes.
> The command I used was:
> *./sqlmap.py -u http://localhost/numeric_injection.php?id=1 --level 5 --risk 3 -v2 --threads 5 --dbms mysql --random-agent -o --dump-all*
>
> Is there something wrong with the way I am running sqlmap or is
> this just not a feature yet?

--
Miroslav Stampar
http://about.me/stamparm
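
As an added example (not part of the original thread, and not sqlmap's or the poster's code): the quoted query puts the parameter in a numeric context, so quote escaping never touches it, while type validation plus a bound parameter closes it. Python with sqlite3 stands in for the PHP/MySQL app here; the table rows and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample rows standing in for the thread's `pages` table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (ID INTEGER PRIMARY KEY, content TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?)",
                   [(1, "public page"), (2, "draft page")])
    return db


def escape_quotes(value):
    # Quote escaping only protects values placed inside a string literal.
    return value.replace("'", "''")


def fetch_concat(db, page_id):
    # Same shape as the quoted query: the value is concatenated unquoted,
    # so anything after the number is parsed as SQL despite the escaping.
    sql = ("SELECT content FROM pages WHERE ID=" + escape_quotes(page_id)
           + " LIMIT 1")
    return [row[0] for row in db.execute(sql)]


def fetch_bound(db, page_id):
    # Hardened form: reject anything that is not a plain integer, then
    # pass the value as a bound parameter instead of building the SQL text.
    if not (page_id.isascii() and page_id.isdigit()):
        raise ValueError("page_id must be an integer")
    return [row[0] for row in db.execute(
        "SELECT content FROM pages WHERE ID = ? LIMIT 1", (int(page_id),))]
```
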