So, I came to think about this scenario, and I haven't been able to really get it to work with sqlmap.
You have a page where, when injecting something like ?someparam=1' AND 1='1 gives you the "normal expected page" (like a news article or something). And ?someparam=1' AND 1='2 gives you the exact same page, but with an extra line of text saying something (like an error or a debug message for example). So, the first one would give "This is a news message" While the second, false statement, would give "[Debug, something went wrong, blabla etc] This is a news message" How would I go about getting sqlmap to recognize that as a regular boolean based injection? It can use a time based injection in this case, but I want it to see the other alternative as well, as I know it is there. Is this somehow possible? ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
