Hi,

I'm checking that sqlmap can't work with this injection, or maybe I can't
see the correct option.

Injection is like this:

Original URL:
http://10.0.17.252/stat.php?id=534&key=a4d80eac9ab26a4a2da04125bc2c096a

Injection:
http://10.0.17.252/stat.php?id=534' AND '1'='1&key=a4d80eac9ab26a4a2da04125bc2c096a

The problem is that the MySQL user can't run UNION SELECT, so if I run sqlmap
it detects the injection but shows nothing.

Maybe it is a good idea to implement a brute-force attack to retrieve columns.

Example:
http://10.0.17.252/stat.php?id=534' AND `name` LIKE '%&key=a4d80eac9ab26a4a2da04125bc2c096a
=> Shows the normal page, so the `name` column exists.
http://10.0.17.252/stat.php?id=534' AND `name2` LIKE '%&key=a4d80eac9ab26a4a2da04125bc2c096a
=> Shows "Wrong query", so this column doesn't exist.

I tried with --common-columns, but it needs the name of the table, and we don't
know this value.

It's only an idea.

Thanks for all.
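
Added example, not part of the original post and not sqlmap code: a defender-side check that spots the column-name guessing pattern described above (a backtick-quoted identifier tested with LIKE inside the `id` parameter) in web access logs and flags clients that try several names. The log format, client addresses, `KEY` value and threshold are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample log lines (assumed format: client "GET target HTTP/x" status).
SAMPLE_LOG = [
    '192.0.2.10 "GET /stat.php?id=534&key=KEY HTTP/1.1" 200',
    '192.0.2.20 "GET /stat.php?id=534%27%20AND%20%60name%60%20LIKE%20%27%25&key=KEY HTTP/1.1" 200',
    '192.0.2.20 "GET /stat.php?id=534%27%20AND%20%60name2%60%20LIKE%20%27%25&key=KEY HTTP/1.1" 200',
    '192.0.2.20 "GET /stat.php?id=534%27%20AND%20%60email%60%20LIKE%20%27%25&key=KEY HTTP/1.1" 200',
    '192.0.2.30 "GET /stat.php?id=534%27+AND+%60name%60+LIKE+%27%25&key=KEY HTTP/1.1" 200',
]

LINE_RE = re.compile(r'^(\S+) "GET (\S+) HTTP/[\d.]+" (\d{3})$')
# A backtick-quoted identifier followed by LIKE, as in the requests quoted in the post.
PROBE_RE = re.compile(r"`([^`]+)`\s+LIKE\b", re.IGNORECASE)


def column_probes(lines, param="id"):
    """Map client address -> set of identifiers tested with LIKE inside `param`."""
    probes = defaultdict(set)
    for line in lines:
        match = LINE_RE.match(line)
        if not match:
            continue  # not in the assumed format
        client, target, _status = match.groups()
        # parse_qs percent-decodes each value and turns '+' into a space.
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in query.get(param, []):
            if value.isdigit():
                continue  # the numeric id the page expects
            for name in PROBE_RE.findall(value):
                probes[client].add(name.lower())
    return dict(probes)


def flag_bruteforce(lines, threshold=3):
    """Clients that tested at least `threshold` distinct identifiers."""
    found = column_probes(lines)
    return sorted(c for c, names in found.items() if len(names) >= threshold)


if __name__ == "__main__":
    for client, names in column_probes(SAMPLE_LOG).items():
        print(client, sorted(names))
    print("flagged:", flag_bruteforce(SAMPLE_LOG))
```
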