Re: [sqlmap-users] A thought about boolean based injection

Sat, 07 Jul 2012 02:45:39 -0700 

Hi.

We had that one but we removed it (actually I am the one that did it).
Please take a close look at
https://github.com/sqlmapproject/sqlmap/issues/70.

Kind regards,
Miroslav Stampar

On Sat, Jul 7, 2012 at 11:19 AM, <d...@alcor.se> wrote:

> So, I came to think about this scenario, and I haven't been able to
> really get it to work with sqlmap.
>
> You have a page where, when injecting something like ?someparam=1' AND
> 1='1 gives you the "normal expected page" (like a news article or
> something).
> And ?someparam=1' AND 1='2 gives you the exact same page, but with an
> extra line of text saying something (like an error or a debug message
> for example).
>
> So, the first one would give
>
> "This is a news message"
>
> While the second, false statement, would give
>
> "[Debug, something went wrong, blabla etc]
> This is a news message"
>
>
> How would I go about getting sqlmap to recognize that as a regular
> boolean based injection?
> It can use a time based injection in this case, but I want it to see
> the other alternative as well, as I know it is there.
>
> Is this somehow possible?
>
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>



-- 
Miroslav Stampar
http://about.me/stamparm

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to