I have spent ages to test website with help of sqlmap but no success, so i
decided to post here for help with experts
Website is vulnerable to blind sql injection, but i want sqlmap to help me
but i dont know how to make it work by choosing correct sqlmap commandline
options.
I tell you whole picture of the injection.
There are many post parameters but vulnerable paramater is only one, so
below is the whole picture
1) blind sql injection is on https
2) vulnerable parameter is page_id POST param
3) blind injection work with following payload only.
page_id=validstring' and 'a'='a
With above payload page loads normally but if i use like below
page_id=validstring' and 'a'='a'--
Or
page_id=validstring' and 'a'='a'#
Or
page_id=validstring' and 'a'='a'--+-
Or
page_id=validstring' and 'a'='a'%00
Or
page_id=validstring' and 'a'='a'/*
Blind just does not work and page does not load normally.
So im not sure how to terminate the query by myself with comments. Because
no comment is working and i dont know what database is being used by the
application.
So thats y i want sqlmap to help me.
Please help me with correct sqlmap commands with all correct options so i
can make it work.
Thank you very much
------------------------------------------------------------------------------
LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99!
1,500+ hours of tutorials including VisualStudio 2012, Windows 8, SharePoint
2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack includes
Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/20/13.
http://pubads.g.doubleclick.net/gampad/clk?id=58041151&iu=/4140/ostg.clktrk
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
