Hi, recently I had a union based sqli vulnerability that sqlmap was not able to detect (I'm not sure if I used --level=4 but I think so).
After having a look at sqlmap's requests by routing them through a proxy I saw that the only difference between my manual tests and sqlmap's was that sqlmap used "union all select" and I used "union select" and it was only detectable/exploitable using "union select". My quick and dirty 'fix' was to do a automatic on-the-fly search and replace of sqlmap's traffic with burp (replacing "union all select" with "union select"), but I wanted to share this case with you and I thought you might want to add some "union select" testcases if there are none. (I'm sorry I don't remember the DBMS in question - it probably was mssql but I'm not sure anymore.) kind regards, buawig ------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users