Hi Borja.
The error itself doesn't prove anything.
You'll have to either:
1) find a valid injection manually and report back so we could fix the
sqlmap (if needed)
or
2) send us a traffic file which you can get with -t traffic.txt
Kind regards,
Miroslav Stampar
On Thu, Jan 5, 2012 at 4:52 PM, Borja Berastegui
<borjaberaste...@gmail.com> wrote:
> Hi !
>
> This is my first mail to this list; as I'm an active user of the software I had
> to start mailing here someday so... here is my question:
>
> I've found a MySQL error on a website (by a modification in the URL) that
> throws me this:
>
> Warning: mysql_fetch_array(): supplied argument is not a valid MySQL
> result resource in /home/virtual/thewebsite.com/web/news/index.php on
> line 11
>
> The syntax of the URL is ''http://www.thewebsite.com/news/today/*/'' and
> in the normal state of the URL there is a number (of the news page shown)
> where I have written the *.
>
> If I write anything that is not a number it returns me the error.
>
> I'm having two problems here:
>
> First one is that I'm not sure if I'm doing the URI injection right with
> sqlmap because I've found 3 URI injections in different places but without
> success. (I'm using the * to show the tool where to test)
>
> And the other one is that I'm not really sure if that error shows a really
> exploitable flaw.
>
> Sqlmap, by using the * wildcard, throws some possible UNION exploitable
> points, but they are discarded when the tests finish. I have also tried with
> the --union-char switch with different characters.
>
> Sorry for all this text, hope you could help me a bit :S
>
> Thanks !
>
>
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
--
Miroslav Stampar
http://about.me/stamparm