I'm not sure about Troy, but I had a similar case recently. I could
control the bit of the query between SELECT and FROM, which could be
exploited either with nested (SELECT)s or by expanding the query with
another FROM [...] UNION SELECT [...] to extend the query. SQLmap did
not find the injection. The DBMS was Oracle.
Cheers
Am 25.07.2012 00:48, schrieb Miroslav Stampar:
>
> Hi Troy.
>
> More info is required for sure.
>
> You mean that you just need a (SELECT...)/subquery type of injection?
> This is something that we are aware that we need to do.
>
> Kind regards,
> Miroslav Stampar
>
> On Jul 24, 2012 11:18 PM, "Troy B" <powercorruptionandl...@gmail.com
> <mailto:powercorruptionandl...@gmail.com>> wrote:
>
> Evening all,
>
> I had an SQL injection into a MySQL5-based web application the
> other week which involved me having control over the column list
> being selected. I tried sqlmap against the URL, but it didn't
> find the injection point. I tried again, taking the --level and
> --risk a little higher, but still nothing.
>
> In the end, I manually exploited it using a sub-select. Was I
> doing something wrong with sqlmap, or will it not identify
> injection points like that? I can provide an example of the query
> the application was using if this helps.
>
> Regards,
>
> Matt
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond.
> Discussions
> will include endpoint security, mobile security and the latest in
> malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> <mailto:sqlmap-users@lists.sourceforge.net>
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>
>
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
