Hi Stephen.
There is really a problem here. Could you please update to the latest
revision and do the:
... --flush-session -t traffic.txt -v 3
and send back new session file. It seems that for some reason sqlmap is
doing only one type of boundaries in your case (skipping this simple: ') ...
Als
Hi,
This is the HTML from a manual request with sesh cookie set
to ')%20UNION%20select%201,2,3,4%20--%20
My Account - Customer Care Centre - Acme Power Co
Home / Login -
My Account -
Contact Support -
CCC
Opening Hours -
Logout;
Hi, 2! Have a token: 86a2
Hi Stephen.
From this traffic file it's not really clear if this is exploitable by any
means more than time-based.
Could you please send the response you get when you "manually exploit" it
with the payload you've mentioned:
"sesh=')%20UNION%20select%201,2,3,4%20--%20" ?
Kind regards,
Miroslav St
Hi.
In that case could you please send the sqlmap traffic file got by using -t
traffic.txt along with your standard switches/options?
Kind regards,
Miroslav Stampar
On Sat, Sep 15, 2012 at 12:09 AM, Stephen Shkardoon wrote:
> Hi,
>
> Sorry, my mistake. I just copied the line and altered it to s
Hi,
Sorry, my mistake. I just copied the line and altered it to show that the
cookie was being used. In the real script, there was no parse error.
Nonetheless, sqlmap cannot pull out results.
Thanks
ss23
On Sat, Sep 15, 2012 at 9:55 AM, Miroslav Stampar <
miroslav.stam...@gmail.com> wrote:
> Hi
Hi.
I am not sure how you are able to "definitely able to pull out results" as
I can see the problem lies in the used PHP (enclosed pair of single quotes
with another pair of single quotes):
Bad:
$res = mysql_query("SELECT userid, custname, custemail, owing FROM custdata
AS cd WHERE cd.userid = (S
Hi all,
Trying to do a (simple) injection with sqlmap, and I can't seem to coax it
into getting it right.
The PHP source looks something like:
$res = mysql_query("SELECT userid, custname, custemail, owing FROM custdata
AS cd WHERE cd.userid = (SELECT userid FROM ccc_users AS cu WHERE sessionid
=