I did not read your first email, so ignore my blitherings :)
On Fri, Mar 21, 2014 at 1:16 PM, Brandon Perry wrote:
> Brian,
>
> I expect the program is taking the input for username and truncating it,
> so ZAP sees the injection going in and a successful auth afterwards and
> assumes the payload
Brian,
I expect the program is taking the input for username and truncating it, so
ZAP sees the injection going in and a successful auth afterwards and
assumes the payload worked. I think this is a poor assumption to make.
On Fri, Mar 21, 2014 at 1:11 PM, Miroslav Stampar <
miroslav.stam...@gmai
There is always a 302 redirect, so I am not sure how ZAP detected this as a
SQLi.
Kind regards,
Miroslav Stampar
On Fri, Mar 21, 2014 at 3:19 PM, Brian Olson wrote:
> Thanks for the quick response, Miroslav and Bernardo. It's very much
> appreciated! There is a UNION technique that is being
On 21 March 2014 11:57, Bernardo Damele A. G. wrote:
> [...]
> All in all, can you please relaunch sqlmap (make sure you run git pull
> first to sync to the GitHub repository) with the following syntax:
Command line:
python sqlmap.py -u "http://172.16.71.138:7879/index.php"
--data="act=auth-log
Hi Brian,
We do use INTO DUMPFILE to write files on the file system when the
database is MySQL. This works if the stacked queries (nested queries) SQLi
technique is supported, which is not the case against a PHP
application with MySQL back-end. When stacked queries are not possible
and the back-end is
Hi.
--file-write requires union or stacked techniques to be available. In case
of --os-shell we also use the INTO OUTFILE technique, which is pretty dirty (in
most cases you can expect original results appearing in the first couple
of lines). Option --file-write in our case should produce a "clean"
Hello Everyone,
I'm attempting to use sqlmap to exploit a local installation of some
software. I know it's vulnerable because it's on exploit-db & metasploit
pops it every time (http://www.exploit-db.com/exploits/20501/). I've had
limited success with sqlmap, but I'm at the final stage now where