As Rodrigo stated correctly, you can use -C to specify column names
manually.
For forcing sqlmap to requery certain results you can use --fresh-queries.
Bye
p.s. thx for donation :)
p.p.s. I am glad that you managed to use tamper scripts to bypass IPS/WAF
On Sep 25, 2014 8:04 PM, "Rodrigo Zanatt
well, about the column, it is possible, I think, use the
> -D DB DBMS database to enumerate
> -T TBL DBMS database table(s) to enumerate
> -C COL DBMS database table column(s) to enumerate
> -X EXCLUDECOL DBMS database table column(s) t
Hi Miroslav
Thanks for your time and for sqlmap. I hope you got the donation :)
By now I figured out what it was: an IPS. Had to
--tamper=caseselect,charencode where caseselect is just a simple
.replace("SELECT","sElEcT"). What a stupid IPS.
Is there any way to correct errors that sqlmap is gett
Hi.
This looks like a permission problem while reading system tables. That
would explain why DB_NAME() works and everything else fails.
Bye
On Sep 23, 2014 4:27 PM, "floyd" wrote:
> Hi everybody
>
> I'm doing a Pentest and I'm able to do a time based blind sql injection
> on a very big database