Re: [sqlmap-users] boolean based sqli
From: Miroslav S. <mir...@gm...> - 2016-03-14 16:26:53

Hardly will sqlmap give all the correct payloads right away.

Though, to recreate sessions you could take a look into the:

    --safe-url=SAFEURL  URL address to visit frequently during testing
    --safe-post=SAFE..  POST data to send to a safe URL
    --safe-req=SAFER..  Load safe HTTP request from a file
    --safe-freq=SAFE..  Test requests between two visits to a given safe URL

With the "safe URL" mechanism you could visit the "session recreation" page every <freq> requests. sqlmap should take the new session cookie at every visit.

Bye

On Mon, Mar 14, 2016 at 5:10 PM, Marcell Fodor <fod...@gm...> wrote:
> Hi,
>
> I have an application where the injection is pretty straightforward:
>
> ?asd= (case when(123=123 *) then 1 else 2 end)
>
> Problem is, when Sqlmap tries the injection point, it sends a query which
> results in incorrect syntax on the server side and crashes the session. I
> can make it work with Burp macros, recreating the session prior to all
> sqlmap test requests, and sqlmap will find the injection point working
> after a few tries.
>
> Is there a more elegant way to do this?

--
Miroslav Stampar
http://about.me/stamparm
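Added example, not part of the original messages and not sqlmap's code: a small in-memory model of the safe-URL idea discussed above, showing how the visit frequency interacts with an application that drops the session on a server-side error. `ToyApp`, `run_tests`, the cookie format and the exact point at which the safe page is visited are assumptions made for illustration.

```python
import itertools


class ToyApp:
    """Constructed stand-in for the application in the thread: a request that
    causes a server-side syntax error invalidates the current session."""

    def __init__(self):
        self._ids = itertools.count(1)
        self.valid = set()

    def safe_page(self):
        # "Session recreation" page: always hands out a fresh session cookie.
        sid = f"sess-{next(self._ids)}"
        self.valid.add(sid)
        return sid

    def query(self, sid, well_formed):
        if sid not in self.valid:
            return "no-session"        # earlier error already killed the session
        if not well_formed:
            self.valid.discard(sid)    # syntax error crashes the session
            return "error"
        return "ok"


def run_tests(app, requests, safe_freq):
    """Send test requests, visiting the safe page before every `safe_freq`-th
    request and adopting the cookie it returns. safe_freq=0 disables visits."""
    sid = app.safe_page()              # initial session
    results = []
    for i, well_formed in enumerate(requests):
        if safe_freq and i % safe_freq == 0:
            sid = app.safe_page()      # take the new session cookie
        results.append(app.query(sid, well_formed))
    return results


# Constructed request sequence: False marks a request whose payload breaks
# the server-side syntax, True marks one the server can evaluate.
SAMPLE = [False, True, True, False, True, True]

if __name__ == "__main__":
    for freq in (0, 3, 1):
        print(f"safe_freq={freq}: {run_tests(ToyApp(), SAMPLE, freq)}")
```

In this model only a frequency of 1 keeps every well-formed request on a live session, which matches the original poster's workaround of recreating the session before each test request.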