Hi.
It's strange. I would need a traffic file (-t traffic.txt --flush-session)
for that case to tell you what's happening.
Kind regards,
Miroslav Stampar
On Jul 7, 2012 9:19 PM, "a nice guy" <ae9b7f211e23...@tormail.org> wrote:
> Hello,
>
> I have some questions regarding union injections that google didn't
> answer.
> The scenario is the following:
>
> MySQL 5.0 and error messages are shown
> "SELECT col1 as val,col2 FROM dummtyable WHERE col3=".$id ." ORDER BY
> col2 DESC LIMIT 1"
>
> The outputs of the query are not shown.
>
>
> Sqlmap detects a error-based vulnerability and the union injection
> with two columns but it's unable to exploit the union injection. I
> already tried --union-char several times, it's always the same result.
> Is there a way to exploit it though there is no output of the query?
>
>
> kind regards,
> a nice guy
>
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
