Re: [sqlmap-users] Time based injection fails to fingerprint the DBMS

2012-01-22 Thread Bernardo Damele A. G.
Hi Chris,

Against login forms I generally recommend increasing --risk to 3. In your case the -t traffic.log and -v3 might be of use to debug too.

Bernardo

On 22 January 2012 18:18, Chris Oakley wrote:
> In fact, don't worry about suggestions for manual syntax, t...@test.com'if 1 = 1 waitfor

Re: [sqlmap-users] Time based injection fails to fingerprint the DBMS

2012-01-22 Thread Chris Oakley
In fact, don't worry about suggestions for manual syntax, t...@test.com'if 1 = 1 waitfor delay'0:0:20'-- works so I can work with that. But I wonder why sqlmap is struggling?

Chris

On 22 January 2012 18:12, Chris Oakley wrote:
> Hi
>
> I've got a web app where the username field of the login f

[sqlmap-users] Time based injection fails to fingerprint the DBMS

2012-01-22 Thread Chris Oakley
Hi

I've got a web app where the username field of the login form is affected by the following string: t...@test.com'waitfor delay'0:0:10'-- as a username; i.e. the delay happens, the app is vulnerable. It will always then return you to the login screen with an invalid email error, but we should s