1) "waitfor delay '0:0:0'" makes no delay and ​"waitfor delay '0:0:5'"
makes5 seconds delay and so on.
2) I tried again with --tamper=between​ and sqlmap verified the
vulnerability.
3) using the tor in timebased techniques is not the best choice but I
preferred to be anonymous in pentesting.
Best
For sure it is. sqlmap gives you a huge nagging message in such case
(network latency...blaballa).
Bye
On Mon, Dec 8, 2014 at 12:06 PM, Robin Wood wrote:
> Wouldn't it be a bad idea trying to do a time based attack over Tor?
>
> Robin
>
> On 8 December 2014 at 11:00, Miroslav Stampar
> wrote:
Wouldn't it be a bad idea trying to do a time based attack over Tor?
Robin
On 8 December 2014 at 11:00, Miroslav Stampar
wrote:
> Hi.
>
> 1) Shouldn't "waitfor delay '0:0:0'" make no delay?
> 2) sqlmap says "false positive or unexploitable injection point detected".
> Is there a possibility that
Hi.
1) Shouldn't "waitfor delay '0:0:0'" make no delay?
2) sqlmap says "false positive or unexploitable injection point detected".
Is there a possibility that the character > is filtered?
3) Please run sqlmap with -v 3 and use the payloads that sqlmap tries to
use in "false positive check" phase.
Hi,
There is a website that vulnerable to SQL injection. I have checked and I'm
sure there is blind sql injection vulnerability but the sqlmap could not
find this.
I tried this command:
./sqlmap.py -u 'target' -p search --tor --tor-type=SOCKS5 --random-agent
--risk 3 --level 3 --technique=T --dbm
