Hi,

recently I had a union-based SQLi vulnerability that sqlmap was not able
to detect (I'm not sure if I used --level=4 but I think so).

After having a look at sqlmap's requests by routing them through a proxy
I saw that the only difference between my manual tests and sqlmap's was
that sqlmap used "union all select" and I used "union select"
and it was only detectable/exploitable using "union select".

My quick and dirty 'fix' was to do an automatic on-the-fly search and
replace of sqlmap's traffic with burp (replacing "union all select" with
"union select"), but I wanted to share this case with you and I thought
you might want to add some "union select" test cases if there are none.
(I'm sorry I don't remember the DBMS in question - it probably was mssql
but I'm not sure anymore.)

kind regards,
buawig

_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
