Thread: [sqlmap-users] sqlmap and follow redirections sql-inj
Brought to you by:
inquisb
Menu
▾
▴
sqlmap-users
|
From: Valentin K. <zac...@gm...> - 2011-01-28 17:59:25
|
i have an 0.8 version,but don`t find no info about following redirection on the page for union based sql(else -just blind sql).Maybe in future releases this functions will be add?) |
|
From: Valentin K. <zac...@gm...> - 2011-01-29 19:43:43
|
update sqlmap from svn upto revision 3127,but now sqlmap don`t detect a sql-inj,even only with -u "http://url.com/test.php?id=1" .And,Of course, no following redirection(( |
|
From: Valentin K. <zac...@gm...> - 2011-01-30 12:15:17
|
[quote] Well, it such a great thing to help users which don't have common sense at all. [/quote] that was a joke..mda. ------------------ sql-inj have 2 column,which stay visible only after the redirect to other page happened.havij work with it fine as non-blind.But i want non blind-inj with sqlmap. |
|
From: Miroslav S. <mir...@gm...> - 2011-02-01 00:27:53
|
...you have been asked something like this for sure: [01:25:06] [INFO] testing connection to the target url sqlmap got a 302 redirect to http://www.someothersite.com/ - What target address do you wa nt to use from now on? http://www.site.com/index.php (default) or pro vide another target address based also on the redirection got from the applicati on > ...and you've probably just pressed Enter. please read that part carefully and choose wisely. kr On Sun, Jan 30, 2011 at 1:15 PM, Valentin Kurkov <zac...@gm...> wrote: > [quote] > Well, it such a great thing to help users which don't have common sense at > all. > [/quote] > that was a joke..mda. > ------------------ > sql-inj have 2 column,which stay visible only after the redirect to other > page happened.havij work with it fine as non-blind.But i want non blind-inj > with sqlmap. > ------------------------------------------------------------------------------ > Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! > Finally, a world-class log management solution at an even better price-free! > Download using promo code Free_Logger_4_Dev2Dev. Offer expires > February 28th, so secure your free ArcSight Logger TODAY! > http://p.sf.net/sfu/arcsight-sfd2d > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
|
From: Bernardo D. A. G. <ber...@gm...> - 2011-01-28 18:22:40
|
Svn update and try with latest version. Http redirects should be well supported now. Bernardo Damele A. G. This message was sent from a smartphone On 28 Jan 2011, at 17:59, Valentin Kurkov <zac...@gm...> wrote: > i have an 0.8 version,but don`t find no info about following redirection on the page for union based sql(else -just blind sql).Maybe in future releases this functions will be add?) > ------------------------------------------------------------------------------ > Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! > Finally, a world-class log management solution at an even better price-free! > Download using promo code Free_Logger_4_Dev2Dev. Offer expires > February 28th, so secure your free ArcSight Logger TODAY! > http://p.sf.net/sfu/arcsight-sfd2d > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users |
|
From: Valentin K. <zac...@gm...> - 2011-01-29 19:40:54
|
---------- Forwarded message ---------- From: Valentin Kurkov <zac...@gm...> Date: 2011/1/29 Subject: Re: [sqlmap-users] sqlmap and follow redirections sql-inj To: "Bernardo Damele A. G." <ber...@gm...> update sqlmap from svn upto revision 3127,but now sqlmap don`t detect a sql-inj,even only with -u "http://url.com/test.php?id=1" .And,*Of course, no following redirection((* 2011/1/28 Bernardo Damele A. G. <ber...@gm...> Svn update and try with latest version. Http redirects should be well > supported now. > > Bernardo Damele A. G. > > This message was sent from a smartphone > > On 28 Jan 2011, at 17:59, Valentin Kurkov <zac...@gm...> wrote: > > > i have an 0.8 version,but don`t find no info about following redirection > on the page for union based sql(else -just blind sql).Maybe in future > releases this functions will be add?) > > > ------------------------------------------------------------------------------ > > Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! > > Finally, a world-class log management solution at an even better > price-free! > > Download using promo code Free_Logger_4_Dev2Dev. Offer expires > > February 28th, so secure your free ArcSight Logger TODAY! > > http://p.sf.net/sfu/arcsight-sfd2d > > _______________________________________________ > > sqlmap-users mailing list > > sql...@li... > > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > |
|
From: Miroslav S. <mir...@gm...> - 2011-01-29 22:24:16
|
Hi. How many columns? Have you tried to exploit it manually? Have you tried to use --union-cols? KR On Sat, Jan 29, 2011 at 8:40 PM, Valentin Kurkov <zac...@gm...> wrote: > > > ---------- Forwarded message ---------- > From: Valentin Kurkov <zac...@gm...> > Date: 2011/1/29 > Subject: Re: [sqlmap-users] sqlmap and follow redirections sql-inj > To: "Bernardo Damele A. G." <ber...@gm...> > > > update sqlmap from svn upto revision 3127,but now sqlmap don`t detect a > sql-inj,even only with -u "http://url.com/test.php?id=1" .And,Of course, no > following redirection(( > > > 2011/1/28 Bernardo Damele A. G. <ber...@gm...> >> >> Svn update and try with latest version. Http redirects should be well >> supported now. >> >> Bernardo Damele A. G. >> >> This message was sent from a smartphone >> >> On 28 Jan 2011, at 17:59, Valentin Kurkov <zac...@gm...> wrote: >> >> > i have an 0.8 version,but don`t find no info about following redirection >> > on the page for union based sql(else -just blind sql).Maybe in future >> > releases this functions will be add?) >> > >> > ------------------------------------------------------------------------------ >> > Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! >> > Finally, a world-class log management solution at an even better >> > price-free! >> > Download using promo code Free_Logger_4_Dev2Dev. Offer expires >> > February 28th, so secure your free ArcSight Logger TODAY! >> > http://p.sf.net/sfu/arcsight-sfd2d >> > _______________________________________________ >> > sqlmap-users mailing list >> > sql...@li... >> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > ------------------------------------------------------------------------------ > Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! > Finally, a world-class log management solution at an even better price-free! > Download using promo code Free_Logger_4_Dev2Dev. Offer expires > February 28th, so secure your free ArcSight Logger TODAY! > http://p.sf.net/sfu/arcsight-sfd2d > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
|
From: Miroslav S. <mir...@gm...> - 2011-01-29 22:28:28
|
LOL "And,Of course, no following redirection" Well, it such a great thing to help users which don't have common sense at all. KR On Sat, Jan 29, 2011 at 8:40 PM, Valentin Kurkov <zac...@gm...> wrote: > > > ---------- Forwarded message ---------- > From: Valentin Kurkov <zac...@gm...> > Date: 2011/1/29 > Subject: Re: [sqlmap-users] sqlmap and follow redirections sql-inj > To: "Bernardo Damele A. G." <ber...@gm...> > > > update sqlmap from svn upto revision 3127,but now sqlmap don`t detect a > sql-inj,even only with -u "http://url.com/test.php?id=1" .And,Of course, no > following redirection(( > > > 2011/1/28 Bernardo Damele A. G. <ber...@gm...> >> >> Svn update and try with latest version. Http redirects should be well >> supported now. >> >> Bernardo Damele A. G. >> >> This message was sent from a smartphone >> >> On 28 Jan 2011, at 17:59, Valentin Kurkov <zac...@gm...> wrote: >> >> > i have an 0.8 version,but don`t find no info about following redirection >> > on the page for union based sql(else -just blind sql).Maybe in future >> > releases this functions will be add?) >> > >> > ------------------------------------------------------------------------------ >> > Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! >> > Finally, a world-class log management solution at an even better >> > price-free! >> > Download using promo code Free_Logger_4_Dev2Dev. Offer expires >> > February 28th, so secure your free ArcSight Logger TODAY! >> > http://p.sf.net/sfu/arcsight-sfd2d >> > _______________________________________________ >> > sqlmap-users mailing list >> > sql...@li... >> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > ------------------------------------------------------------------------------ > Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! > Finally, a world-class log management solution at an even better price-free! > Download using promo code Free_Logger_4_Dev2Dev. Offer expires > February 28th, so secure your free ArcSight Logger TODAY! > http://p.sf.net/sfu/arcsight-sfd2d > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X