Oh nevermind, I was using an HTTP request loaded from a file, but using the
-u parameter seems to work fine.
Thanks anyway.
2015-02-19 22:38 GMT+01:00 Loïc THOMAS :
> Hi.
>
> SQLmap wouldn't detect an injection though manually it works perfectly.
> It is on a post request.
>
> Using this value wi
Hi.
SQLmap wouldn't detect an injection though manually it works perfectly.
It is on a post request.
Using this value will display the page :
id=75102' and (select user()) ='root@localhost' #
Replacing 'root' by anything else won't work (except for the same in
uppercase, it seems the charset is
This has been replied earlier. That "bug" was "neutralized".
Kind regards
On Thu, Jan 29, 2015 at 10:23 AM, sad fastfood wrote:
> Hi!
> Thanks for the greatest tool!
> I've found some problem in latest revision of sqlmap.
> If you will run something like:
> *sqlmap.py -u "http://www.google.com/
Hello.
I wonder if SQLMAP support vulnerable sites to "Time-Based Blind SQL Injection
using Heavy Queries" ???
For example:
//
informatica64.com/blind2/pista.aspx?id_pista=1
and (SELECT count(*) FROM sysusers AS sys1, sysusers as sys2, sysusers
as sys3, sysusers AS sys4, sysusers AS sy
Hi!
Thanks for the greatest tool!
I've found some problem in latest revision of sqlmap.
If you will run something like:
sqlmap.py -u "http://www.google.com/news.php?id=5+OR+(4=4)" --skip-urlencode --random-agent --tamper=space2plus --technique=BSU -v 3 --dbms=mssql
And answer 'y' here:
[09:1
