subject:"Re\: \[sqlmap\-users\] Add simple SELECT payload"

Re: [sqlmap-users] Add simple SELECT payload

2012-05-07 Thread Miroslav Stampar

Hi Till. --select-payload "')) UNION SELECT '1', NULL,([PAYLOAD]), '3'-- x" would be something that would not be used often for sure. Also, small percentage of users even know what's [PAYLOAD]. I know what you are referring to, and I believe that there are similar cases that could be "treated" t

Re: [sqlmap-users] Add simple SELECT payload

2012-05-07 Thread Till Maas

Hi, On Mon, May 07, 2012 at 11:56:58AM +0200, Miroslav Stampar wrote: > Are you maybe referring to the case where MSSQL integer column is > injectable manifesting conversion errors when arbitrary SELECT used? no. I have got an application where a parameter is injectable, but there are certain co

Re: [sqlmap-users] Add simple SELECT payload

2012-05-07 Thread Miroslav Stampar

Hi Till. Are you maybe referring to the case where MSSQL integer column is injectable manifesting conversion errors when arbitrary SELECT used? e.g. id=(SELECT 'abc') -> something like: bad conversion of 'abc' to integer value We do have such a payload, named: Microsoft SQL Server/Sybase error-b