hi wlad.
On Fri, May 6, 2011 at 3:52 PM, W W <wla...@li...> wrote:
> Hi there is some problems with sqlmap. At first only SQL comment character
> which is used is #. I tried editing xml/queries.xml manually to enforce
> using -- because in some situations injections with # or /* did'nt working.
> So nothing happened after editing, and thats why i cant use it successfuly,
> but there is union injection 100%.
with how many columns?
Second. Some code implies sending http
> response header in blind injecton when appears false situation. For example,
> http://url/script?id=1 and 1=1 Response code:200(OK) but when
> http://url/script?id=1 and 1=0 Response code (404)not found etc. This really
> kicks sqlmap out of mission immediatly.
this shouldn't be a problem. in blind injections sqlmap uses 404 as a
response for FALSE.
>
> Tested on sqlmap/0.9(stable) and sqlmap/1.0-dev (r3849)
> Python 2.7
could you please contact me privately with further details and i could
later today help you with this situation?
>
> Thanks for a great work :)
>
> ------------------------------------------------------------------------------
> WhatsUp Gold - Download Free Network Management Software
> The most intuitive, comprehensive, and cost-effective network
> management toolset available today. Delivers lowest initial
> acquisition cost and overall TCO of any competing solution.
> http://p.sf.net/sfu/whatsupgold-sd
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
|
