Hello All,
Is it possible to make injection in Basic Auth information ?
I am in this situation :
On the Basic Auth login if i put :
x' AND 1=(SELECT COUNT(*) FROM users); --
I have as reply :
*You have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near '--' AND pass =
'test'' at line 1*
On the Basic Auth Pass if i put the same :
x' AND 1=(SELECT COUNT(*) FROM users); --
I have as reply :
*You have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near '--'' at line 1*
As I am kind of bad in SQL Query, I try to automate with SQLMap with this
command :
./sqlmap.py -u http://test.com/folder/file.php --auth-type=Basic
--auth-cred=*:admin --level=5 --risk=3 --user-agent="Mozilla/4.0
(compatible; MSIE 7.0; Windows NT 5.1)"
It stop on : not authorized, try to provide right HTTP authentication type
and valid credentials (401)
Is there a way to make it anyway ?
Regards
DNC
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
