If use "--forms" the parameter "-p" don't work
Best regards
M.M.
--
*[image: Descrizione: Descrizione: image002] Rispetta l'ambiente. Non
stampare questa mail se non è necessario*
*Questa e-mail è riservata compresi gli eventuali allegati. In caso di
ricezione per errore della presente e-mail
During the crawler, if the parameter is not set thread (so --threads = 1),
you can add a prompt to choose the number of threads?
Best regards
--
*[image: Descrizione: Descrizione: image002] Rispetta l'ambiente. Non
stampare questa mail se non è necessario*
*Questa e-mail è riservata compresi
good morning
Is there a way to show these unicode characters?
[10:42:30] [INFO] using 'P:\webscanner\New folder
(2)\SqlMapwc\trunk\output\resu
lts-02072014_1042am.csv' as the CSV results file in multiple targets mode
sqlmap identified the following injecti
Taking the tests I noticed sqlmap does not find vulnerable spots:
sqlmap.py -u "http://target/sezione-3-sottosezione-6-pag-1*.htm";
--dbms=mysql --risk=5 --level=5
If I enter the URL in hand :
http://target
/sezione-3-sottosezione-6-pag-.htm
The page returns
Hello everyone
I thought of 2 small modifications to the source:
1) If the selected query came out only one record in this case:
*[12:16:30] [INFO] the SQL query provided has more than one field. sqlmap
will now unpack it into distinct queries to be able to retrieve the output
even if we
Hi boys...
I was thinking of an innovation, you can change that when sqlmap enumerates
the users (especially those of mysql) if found in the character meets a "@"
try the next automatically with "localhost"?? for save times?
best regards
Marco Mirandola
2013/5/12 Mir
But rather than check enctype = "multipart / form-data", which in my case
does not include any upload (see attached html), because not only excludes
only the possible upload?
we are in the attached example:
2 select (combobox)
3 checkboxes
both valid for the injection ...
go.gif";
width="55" height="19">
=========
Best regards
Marco Mirandola
--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security an
[11:23:50] [INFO] the back-end DBMS is MySQL
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: MySQL 5.0
[11:23:50] [INFO] testing if current user is DBA
[11:23:50] [INFO] fetching current user
[11:23:50] [INFO] heuristics detected
Hello sqlMap I thought of an improvement, because when you retrieve the
databases (or tables or columns) does not enumerate the number of the item?
==
current sqlMap
==
[22:15:39] [INFO] the back-end DBMS is Microsoft SQL Ser
Great Miroslav
I give you some advice on optimizing the use of multithreads...
Currently in multi threads sqlMap works like this:
- To enum tables (1 thread)
- Retrieve length table 'I' (1 thread)
- Retrieve name table 'I' (multiple threads)
- Retrieve length table 'II' (1 thread)
- Retrieve name
[22:15:51] [INFO] resuming back-end DBMS 'mysql 5.0.11' from session file
[22:15:51] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s)
reque
sts:
---
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-ba
>From this DBMS (MySql 3) SqlMap don't retireve the name of 'Current DB'
[13:38:33] [INFO] resuming back-end DBMS 'mysql 3' from session file
[13:38:33] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s)
reque
sts:
---
Place: GET
13 matches
Mail list logo
