Re: [sqlmap-users] SQLMAP Blind injection not supported
From: Loïc T. <lth...@gm...> - 2015-02-19 21:43:06
Oh never mind, I was using an HTTP request loaded from a file, but using the -u parameter seems to work fine. Thanks anyway.

2015-02-19 22:38 GMT+01:00 Loïc THOMAS <lth...@gm...>:

> Hi.
>
> SQLmap wouldn't detect an injection though manually it works perfectly.
> It is on a POST request.
>
> Using this value will display the page:
>
> id=75102' and (select user()) ='root@localhost' #
>
> Replacing 'root' by anything else won't work (except for the same in
> uppercase, it seems the charset is case insensitive)
>
> I've tried --level 5, but without any success.
>
> This seems pretty simple to me, I mean it's just basically [int]' AND
> [payload] [comment]
> (Note that # is the only comment I've found working. -- or /* won't work).
>
> DBS is MySQL. I've tried that option too.
>
> Any idea on how to have this to work with sqlmap?
>
> Regards,
>
> Loïc