Hi.
We are continuously testing sqlmap in similar conditions and haven't
noticed similar issue(s).
What technique is involved (in first case)? Are you able to retrieve any
data with it?
What does "SQL_INJECTION_UNION_CONDITION" means??
Can you please send a content of a traffic files for both cases (-t
traffic.txt)? If it's an union technique involved (I guess that from that
SQL_INJECTION_UNION_CONDITION) I'll be able to tell you exactly what is
going on from traffic files.
Kind regards,
Miroslav Stampar
On Fri, Aug 2, 2013 at 4:35 PM, rkas solutions <rkas.soluti...@gmail.com>wrote:
> Hello Team,
>
> Below test works fine and produces the expected results in SQLMAP output -
> Test Passed and performs SQL Injection
> python sqlmap.py -u "
> http://unix_server:8000/absolute_uri_path_from_burp&where=&addwhere=&criterion=SQL_INJECTION_UNION_CONDITION";
> --cookie=JSESSIONID=values --dbms=Oracle --dbs -p "criterion"
>
> But the below test which is same as above but the only change is the
> server location, now pointed to localhost -- Test failed and did not
> perform SQL Injection
> python sqlmap.py -u "
> http://localhost:8888/absolute_uri_path_from_burp&where=&addwhere=&criterion=SQL_INJECTION_UNION_CONDITION";
> --cookie=JSESSIONID=values --dbms=Oracle --dbs -p "criterion"
>
> Only difference is, when attempting to inject via localhost, DB is still
> the same which is located in the UNIX server so the connection time is more
> through the localhost. Increased SQLMAP --timeout and also tried --time-sec
> options, but not successful. Any suggestions.
>
> Thanks
>
> Ram
>
>
>
>
> ------------------------------------------------------------------------------
> Get your SQL database under version control now!
> Version control is standard for application code, but databases havent
> caught up. So what steps can you take to put your SQL databases under
> version control? Why should you start doing it? Read more to find out.
> http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
--
Miroslav Stampar
http://about.me/stamparm
------------------------------------------------------------------------------
Get your SQL database under version control now!
Version control is standard for application code, but databases havent
caught up. So what steps can you take to put your SQL databases under
version control? Why should you start doing it? Read more to find out.
http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
