Hi Korius, I have created an issue for this, https://github.com/sqlmapproject/sqlmap/issues/97.
Bernardo On 4 April 2012 10:34, Korius <korius_...@yahoo.com> wrote: > Hi list, > > I'm having trouble exploiting an SQLi in an ORDER BY clause with sqlmap. > Manually I can inject using a construct like "(CASE WHEN 'a'='b' THEN > t.bar ELSE (SELECT BENCHMARK(1000000,MD5(1))) END)" where t.bar is a > correct column name and then altering the boolean clause. Unfortunately > the target server responds pretty slowly, so a manual extraction is > gonna be agonizingly slow. > > Just passing the target URL to sqlmap (yesterday's build 4938), sqlmap > wont find an injection using level 3. I also tried passing my manual > vector as prefix/suffix (--prefix="(CASE WHEN 'a'='" --suffix="' THEN > t.bar ELSE (SELECT BENCHMARK(1000000,MD5(1))) END)") but without avail. > Any ideas or suggestions? > > Cheers > Dennis > > ------------------------------------------------------------------------------ > Better than sec? Nothing is better than sec when it comes to > monitoring Big Data applications. Try Boundary one-second > resolution app monitoring today. Free. > http://p.sf.net/sfu/Boundary-dev2dev > _______________________________________________ > sqlmap-users mailing list > sqlmap-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/sqlmap-users -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
