Re: [sqlmap-users] Union injectable or not
From: Brandon P. <bpe...@gm...> - 2015-02-08 23:08:12
The application could be requiring one of the columns to be in a certain format (perhaps a date, or serialized object) in order to be brought to the UI. Just sending an int/string or a NULL causes the SQL query to succeed, but the app throws an error due to the data not being formatted as expected.

On Sun, Feb 8, 2015 at 4:08 PM, Vojtěch Polášek <kr...@gm...> wrote:

> Greetings,
> I am doing some pentesting for a corporation.
> I am testing some GET parameter of their web application and I encounter
> a strange issue.
> The URL seems to be injectable as sqlmap states, but at the end it says
> that it is not injectable.
> Here is a link to the log with verbosity level 3. Due to confidentiality
> reasons, I can't provide you with actual requests or responses.
>
> http://cloud.vojtapolasek.eu/public.php?service=files&t=2c68ef52ac55edb53770c9d5be403bae
> What might be the problem?
> I am running Sqlmap 1.0dev-nongit-20150111 from Blackarch repository of
> Arch Linux.
> Thank you very much for your opinions,
> Vojta

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
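The situation the reply describes, as an added example that is not part of the original thread: a constructed in-memory SQLite handler whose UI layer requires the third column to be a date, shown beside a parameter-bound form of the same query. The table, column names and handler functions are hypothetical.

```python
import sqlite3
from datetime import datetime

def make_db():
    # Constructed sample data; not taken from the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, item TEXT, placed TEXT)")
    db.execute("INSERT INTO orders VALUES (1, 'widget', '2015-02-08')")
    return db

def render(rows):
    # The UI layer insists that column 3 parses as an ISO date.
    out = []
    for r in rows:
        d = datetime.strptime(r[2], "%Y-%m-%d")
        out.append(f"{r[0]}: {r[1]} ({d:%d.%m.%Y})")
    return out

def page_vulnerable(db, order_id):
    # Concatenation: the GET parameter becomes part of the SQL text.
    sql = "SELECT id, item, placed FROM orders WHERE id = " + order_id
    rows = db.execute(sql).fetchall()      # the SQL itself succeeds
    try:
        return 200, len(rows), render(rows)
    except (TypeError, ValueError):
        # The query ran, but NULL / arbitrary strings are not dates,
        # so the application fails after the database has answered.
        return 500, len(rows), []

def page_hardened(db, order_id):
    # Bound parameter: the whole value is compared with id as data.
    rows = db.execute(
        "SELECT id, item, placed FROM orders WHERE id = ?", (order_id,)
    ).fetchall()
    return 200, len(rows), render(rows)

if __name__ == "__main__":
    db = make_db()
    probe = "1 UNION SELECT NULL, NULL, NULL"   # constructed test input
    print(page_vulnerable(db, "1"))
    print(page_vulnerable(db, probe))   # rows came back, page still errors
    print(page_hardened(db, probe))     # no rows, no error
```

The 500 response from the concatenated handler comes from the formatting step, after the database has already executed the altered query; only the bound form stops the input from reaching the SQL parser as code.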