[sqlmap-users] Stack query detection misbehavior

Hi, I have found out a misbehavior in the detection phase, sqlmap detects a stack query injectable with the following request: POST /path abc=%27%29%3B%20SELECT%20SLEEP%285%29--%20 However, when Sqlmap checks if the injection point is a false positive, it's using the following payload: abc=%27%29

Re: [sqlmap-users] Blind SQL injection in Header

redirection (with other potential strings). > > Kind regards > On 17.12.2012. 22:12, "David Alvarez" wrote: > >> Hello, >> >> I detected a blind SQL injection in a MySQL database. The difference >> between its responses its in the Location HTTP header. Bu

[sqlmap-users] Blind SQL injection in Header

Hello, I detected a blind SQL injection in a MySQL database. The difference between its responses its in the Location HTTP header. But, when I set the "string" switch, sqlmap doesn`t recognize a true statement. Is sqlmap looking at http header? Thanks. Kind Regads, David Álvarez

Re: [sqlmap-users] End string DB2

* File "/home/user/sqlmap-dev/lib/techniques/blind/inference.py", line 497, in bisection* *val = getChar(index, asciiTbl)* * File "/home/user/sqlmap-dev/lib/techniques/blind/inference.py", line 214, in getChar* *unescapedCharValue = unescaper.unescape(markingValue % decodeI

[sqlmap-users] End string DB2

ld I resolve it? Regards, David Alvarez -- Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CS

Re: [sqlmap-users] Update query

Hi Bernardo, Thank you very much for the quick reply. On Tue, Nov 8, 2011 at 2:58 PM, Bernardo Damele A. G. < bernardo.dam...@gmail.com> wrote: > Hi David, > > On 8 November 2011 13:13, David Alvarez wrote: > > ... > > The problem is that sqlmap is not able to dete

[sqlmap-users] Update query

Hello, I detected a simple sql injection in an update query. The vulnerable functionality locks items of a list. An example of the vulnerable parameter is: A) vuln_param=1 AND 1=1 B) vuln_param=1 AND 1=0 The problem is that sqlmap is not able to detect differences because when sqlmap execute A)

Re: [sqlmap-users] sqlmap through proxy

Hi, @buawig Thank you for your help. You understood me! @Miroslav Thank you very much for the patch kind regards From: Miroslav Stampar http://gmane.org/get-address.php?address=miroslav.stampar%2dRe5JQEeQqe8AvxtiuMwx3w%40public.gmane.org> > Subject: Re: sqlmap through proxy

[sqlmap-users] sqlmap through proxy

lve this problem? Thank you very much. Kind Regards, David Alvarez -- EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image E

[sqlmap-users] A suggestion for blind SQL injection

is not able to extract data. The method that I used to extract was very slow: changing boolean condition from A > B to A = B. So, this is a possible kind of method to extract data when '<>' characters are filtered. I don't know if there are other quickest methods, else it c