[sqlmap-users] SQLMAP Blind injection not supported
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] SQLMAP Blind injection not supported
|
From: Loïc T. <lth...@gm...> - 2015-02-19 21:38:08
|
Hi. SQLmap wouldn't detect an injection though manually it works perfectly. It is on a post request. Using this value will display the page : id=75102' and (select user()) ='root@localhost' # Replacing 'root' by anything else won't work (except for the same in uppercase, it seems the charset is case insensitive) I've tried --level 5, but without any success. This seems pretty simple to me, I mean it's just basically [int]' AND [payload] [comment] (Note that # is the only comment I've found working. -- or /* won't work). DBS is Mysql. I've tried that option too. Any idea on how to have this to work with sqlmap? Regards, Loïc |
