Re: [sqlmap-users] A suggestion for blind SQL injection

2011-04-20 Thread Miroslav Stampar
hi David. "I don't know if there are other quickest methods, else it could be included in sqlmap." actually we have a mechanism for dealing with these kinds of problems. it's called tampering and you can use it with the --tamper switch and scripts located in the ./tamper directory. in your case best solut

[sqlmap-users] Bug - Incorrect OS Detection?

2011-04-20 Thread Anthony Boynes
Hello, sqlmap is not detecting the proper OS when I try to use various options, such as --os-cmd and --os-pwn. I have been testing against the Kioptrix Level 2 VM Challenge. Whenever I am prompted for the web server path, it will not accept a valid Linux path. As you can see from the below outp

[sqlmap-users] A suggestion for blind SQL injection

2011-04-20 Thread David Alvarez
Hello, I found a web application that uses PostgreSQL 8.1.22 and filters '>' and '<' characters. This app is vulnerable to a blind SQL injection, so sqlmap tries to extract data using the boolean-based technique. However, because the <,> characters are filtered, sqlmap is not able to extract data. The metho

Re: [sqlmap-users] output error

2011-04-20 Thread Miroslav Stampar
never mind the last message. this is a particular case and i'll try to deal with it. thing is that the returned page for AND 1=1 was really too similar to the original (match ratio 0.973) and together with comparison against response of 1=0 it triggered FALSE positive. kr On Wed, Apr 20, 2011 at 3

Re: [sqlmap-users] output error

2011-04-20 Thread Miroslav Stampar
hi all. here we have a pretty "interesting" problem. ahmed sent me privately the url and it really seems like a FALSE positive. but this one is pretty annoying and not so obvious to solve. thing is that the tested "search" parameter with payload "bla AND 1=1" displays totally different results t

Re: [sqlmap-users] output error

2011-04-20 Thread Miroslav Stampar
hi Ahmed. could you please retry with --flush-session and --text-only and report back? kr On Wed, Apr 20, 2011 at 7:06 AM, Ahmed Shawky wrote: > sqlmap display the output in strange way something like > available databases [1]: > [*] ][[[][A[]][][][[][]B! QCR Q]C > the used flags are -t log

Re: [sqlmap-users] heuristic detection of charset

2011-04-20 Thread Miroslav Stampar
hi Andres. thank you for your idea :) find it implemented in the latest commit (r3721). kr On Wed, Apr 20, 2011 at 1:47 AM, Andres Riancho wrote: > One recommendation would be to also enable it to "break a tie". If the http > header says encoding A and the html says B, use chardet to decide whi