Re: [sqlmap-users] Problem with a Login
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Problem with a Login
|
From: Miroslav S. <mir...@gm...> - 2016-12-04 14:28:06
|
This is a straigthforward case. You are messing something up. Use username=foobar&password=foobar in POST data. Don't put already SQLi payload anywhere. Use --level=3 --risk=3 As said, you are doing something really really wrong here. Bye On Sun, Dec 4, 2016 at 3:06 PM, Daniele Bianchin <bbi...@gm...> wrote: > Hi! > I have an issue with sqlmap. > I created my own fake login in order to test blind sql injection but > everytime i make a test sqlmap says it isn't exploitable. > I tried to add a suffix, set level to 5, set risk to 3, set not-string > option but sqlmap still not work with it. > The login source is: http://pastebin.com/xzKZJNB1 > > I tried to inject some payloads manually such as ' OR 1=1#, ' UNION ALL > SELECT NULL;NULL #, etc... and they work. > What should i do? > > Thanks in advance! > > > Daniele. > > ------------------------------------------------------------ > ------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
