Give it a go to --string or --regexp. Pass your requests through an HTTP proxy and see what happens, -v 3 could also give you a clue.
Bernardo On 9 November 2011 06:13, <night...@email.de> wrote: > Hi > > I have a problem with sqlmap. When i run sqlmap -u > "http://website/notices/terms.php?co=ar"; -random-agent --retries=6 --level 5 > --risk 3 -f -b --dbms=mysql. sqlmap can´t find the injection point at > co=ar I ran this target with another 2 programms they found the the point > and i can get all the data from the DB. It is a Blind sql injection. I tryed > with drop-cookie preffix suffix text-only nothing helps everytime the same > not injecetable. Any suggestion ??? > > http://website/notices/terms.php?co=ar' and ${condition} and '1'='1 This is > the worked injection. > > My sqlmap version is sqlmap/1.0-dev (r4489) Its Mysql 5 > ------------------------------------------------------------------------------ > RSA(R) Conference 2012 > Save $700 by Nov 18 > Register now > http://p.sf.net/sfu/rsa-sfdev2dev1 > _______________________________________________ > sqlmap-users mailing list > sqlmap-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: Unavailable ------------------------------------------------------------------------------ RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
