I"ve always had trouble dumping Oracle databases. I can usually see the
Databases and columns, whether they come down via Union or time-based or
whatever. But when it comes down to:
./sqlmap.py URL:/parameters/etc/?id=3 --dump -T public -D not_sensitive
I get errors indicating there might only
Hi Olu.
What are the simptoms and which dbms?
One remark. Those two switches doesn't have anything to do with id-related
fields.
Kr
On 21.7.2011. 18:39, "Olu Akindeinde" wrote:
> Hi,
>
> I have noticed that the --start and --stop options are not obeyed when I
use
> them. Any ideas?
>
> Thanks
-
Hi,
I have noticed that the --start and --stop options are not obeyed when I use
them. Any ideas?
Thanks
--
5 Ways to Improve & Secure Unified Communications
Unified Communications promises greater efficiencies for busine
Marek,
This should be dealt now, please svn update and retry.
Bernardo
On 21 July 2011 10:37, Bernardo Damele A. G. wrote:
> Hi,
>
> Please, try to append an asterisk, *, to the parameter value you want
> to inject to.
> However, url-encoding the equal character in the parameter value
> should
Hi,
Please, try to append an asterisk, *, to the parameter value you want
to inject to.
However, url-encoding the equal character in the parameter value
should not cause a problem. As it seems that it does, we will track
down the bug and fix accordingly. Thanks for reporting.
Bernardo
On 21 Jul
Hi all,
we've found one rather common webapp that has SQLi "by design".
Example URL: http://hostname/query?param1=value1&where=[FILTER]
My problem is that sqlmap doesn't identify the "where" as parameter as
long as it's value contains an equal-char, e.g.
"where=column%3D[Integer]". But "where=col
