Hi list,

I'm having trouble exploiting an SQLi in an ORDER BY clause with sqlmap. Manually I can inject using a construct like "(CASE WHEN 'a'='b' THEN t.bar ELSE (SELECT BENCHMARK(1000000,MD5(1))) END)" where t.bar is a correct column name and then altering the boolean clause. Unfortunately the target server responds pretty slowly, so a manual extraction is gonna be agonizingly slow.
Just passing the target URL to sqlmap (yesterday's build 4938), sqlmap won't find an injection using level 3. I also tried passing my manual vector as prefix/suffix (--prefix="(CASE WHEN 'a'='" --suffix="' THEN t.bar ELSE (SELECT BENCHMARK(1000000,MD5(1))) END)") but to no avail.

Any ideas or suggestions?

Cheers
Dennis
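From the defending side, the ORDER BY injection described in this post is closed by mapping the sort parameter through an allow-list, because identifiers cannot be bound as query parameters. The following is an added example, not part of the original post or of sqlmap; the table, the `SORT_COLUMNS` mapping, the function names and the sample expression are assumptions, and SQLite stands in for the MySQL backend.

```python
import sqlite3

# Allow-list: client-supplied sort key -> fixed SQL text (hypothetical schema).
SORT_COLUMNS = {"id": "t.id", "bar": "t.bar"}
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}

# Constructed input modelled on the construct quoted in the post, with the
# MySQL-only BENCHMARK branch replaced by a plain column for SQLite.
PAYLOAD = "(CASE WHEN 'a'='b' THEN t.bar ELSE t.id END)"


def make_db():
    """Constructed sample table standing in for the application's data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE t (id INTEGER PRIMARY KEY, bar TEXT)")
    db.executemany("INSERT INTO t VALUES (?, ?)", [(1, "c"), (2, "a"), (3, "b")])
    return db


def list_rows_vulnerable(db, sort):
    # BEFORE: the request value is pasted into ORDER BY, so the database
    # evaluates whatever expression it contains (CASE, subquery, ...).
    return db.execute(f"SELECT t.id, t.bar FROM t ORDER BY {sort}").fetchall()


def list_rows_hardened(db, sort="id", direction="asc"):
    # AFTER: the request value is only ever a dictionary key; every byte of
    # SQL text in the ORDER BY clause comes from the allow-list above.
    try:
        column = SORT_COLUMNS[sort]
        order = SORT_DIRECTIONS[direction.lower()]
    except (KeyError, TypeError, AttributeError):
        raise ValueError("unsupported sort parameter") from None
    return db.execute(
        f"SELECT t.id, t.bar FROM t ORDER BY {column} {order}"
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(list_rows_hardened(db, "bar"))
    print(len(list_rows_vulnerable(db, PAYLOAD)), "rows: expression was executed")
    try:
        list_rows_hardened(db, PAYLOAD)
    except ValueError as exc:
        print("hardened:", exc)
```

Rejecting with an error rather than silently falling back to a default column also gives the application a log event to alert on when unexpected sort values arrive.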