Hi there is some problems with sqlmap. At first only SQL comment character
which is used is #. I tried editing xml/queries.xml manually to enforce using
-- because in some situations injections with # or /* did'nt working. So
nothing happened after editing, and thats why i cant use it successfuly, but
there is union injection 100%. Second. Some code implies sending http response
header in blind injecton when appears false situation. For example,
http://url/script?id=1 and 1=1 Response code:200(OK) but when
http://url/script?id=1 and 1=0 Response code (404)not found etc. This really
kicks sqlmap out of mission immediatly.
Tested on sqlmap/0.9(stable) and sqlmap/1.0-dev (r3849)
Python 2.7
Thanks for a great work :)
------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network
management toolset available today. Delivers lowest initial
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
