Hi list,

I'm having trouble exploiting an SQLi in an ORDER BY clause with sqlmap.
Manually I can inject using a construct like "(CASE WHEN 'a'='b' THEN
t.bar ELSE (SELECT BENCHMARK(1000000,MD5(1))) END)" where t.bar is a
correct column name and then altering the boolean clause. Unfortunately
the target server responds pretty slowly, so a manual extraction is
gonna be agonizingly slow.

Just passing the target URL to sqlmap (yesterday's build 4938), sqlmap
won't find an injection using level 3. I also tried passing my manual
vector as prefix/suffix (--prefix="(CASE WHEN 'a'='" --suffix="' THEN
t.bar ELSE (SELECT BENCHMARK(1000000,MD5(1))) END)") but to no avail.
Any ideas or suggestions?

Cheers
Dennis
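
Added example, not part of the original post: how the application side closes an ORDER BY injection point like the one described above. A sort value cannot be bound as a column identifier, so it is mapped through an allow-list instead. The table layout (t with columns id and bar), the function names and the use of in-memory SQLite in place of the MySQL target are assumptions made for illustration.

```python
import sqlite3

# Hypothetical mapping from user-facing sort keys to real column identifiers.
SORT_COLUMNS = {"bar": "t.bar", "id": "t.id"}
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}

# The ORDER BY value quoted in the post, used here only as an input to reject.
POSTED_VALUE = ("(CASE WHEN 'a'='b' THEN t.bar ELSE "
                "(SELECT BENCHMARK(1000000,MD5(1))) END)")


def make_db():
    """Build a constructed in-memory table t(id, bar) with sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE t (id INTEGER PRIMARY KEY, bar TEXT)")
    db.executemany("INSERT INTO t (id, bar) VALUES (?, ?)",
                   [(1, "pear"), (2, "apple"), (3, "fig")])
    return db


def order_clause(sort_key, direction="asc"):
    """Return an ORDER BY clause assembled only from allow-listed fragments."""
    try:
        column = SORT_COLUMNS[sort_key]
        keyword = SORT_DIRECTIONS[direction.lower()]
    except (KeyError, TypeError, AttributeError):
        # Anything that is not an exact known key is refused, not sanitised.
        raise ValueError("unsupported sort parameter") from None
    return f"ORDER BY {column} {keyword}"


def list_rows(db, sort_key, direction="asc"):
    """Sorted listing: request input selects a fragment, never becomes SQL."""
    sql = "SELECT t.id, t.bar FROM t " + order_clause(sort_key, direction)
    return db.execute(sql).fetchall()


def list_rows_bound(db, sort_value):
    """Binding the sort value keeps it as data: the string is never parsed as
    SQL, but it is also the same constant for every row, so it cannot select
    a column. This is why sort columns need the allow-list above."""
    sql = "SELECT t.id, t.bar FROM t ORDER BY ?"
    return db.execute(sql, (sort_value,)).fetchall()
```
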
