Hi.
You haven't told us what the results of running sqlmap against that
target were. By default, sqlmap tries to use payloads like:
validstring' and 'a'='a
From your description this looks like it could be MS Access.
Kind regards,
Miroslav Stampar
On Mon, Sep 16, 2013 at 4:53 AM, Rashmi Singh <rashmis...@gmail.com> wrote:
> I have spent ages testing a website with the help of sqlmap but with no
> success, so I decided to post here for help from experts.
>
> The website is vulnerable to blind SQL injection, and I want sqlmap to help
> me, but I don't know how to make it work by choosing the correct sqlmap
> command-line options.
>
> I'll give you the whole picture of the injection.
>
> There are many POST parameters but only one is vulnerable, so below is the
> whole picture:
>
> 1) The blind SQL injection is on HTTPS.
>
> 2) The vulnerable parameter is the page_id POST param.
>
> 3) Blind injection works with the following payload only.
>
> page_id=validstring' and 'a'='a
>
> With the above payload the page loads normally, but if I use payloads like the ones below
>
> page_id=validstring' and 'a'='a'--
>
> Or
>
> page_id=validstring' and 'a'='a'#
>
> Or
>
> page_id=validstring' and 'a'='a'--+-
>
> Or
>
> page_id=validstring' and 'a'='a'%00
>
> Or
>
> page_id=validstring' and 'a'='a'/*
>
> blind injection just does not work and the page does not load normally.
>
> So I'm not sure how to terminate the query myself with comments, because
> no comment is working and I don't know what database is being used by the
> application.
>
> So that's why I want sqlmap to help me.
>
> Please help me with the correct sqlmap commands and all the correct options
> so I can make it work.
>
> Thank you very much
>
>
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
--
Miroslav Stampar
http://about.me/stamparm
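
Added example, not part of the original thread and not sqlmap code: a minimal Python/sqlite3 sketch of why the quoted payload `validstring' and 'a'='a` loads the page normally without any comment terminator when a value is concatenated between quotes, beside the parameterized form that treats the same input as data. The table, column and function names are hypothetical, and SQLite stands in for the backend, which the thread never identifies.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (page_id TEXT PRIMARY KEY, body TEXT)")
    db.execute("INSERT INTO pages VALUES ('validstring', 'normal page')")
    return db


def lookup_concatenated(db, page_id):
    """Vulnerable pattern: the value is pasted between two quote characters.

    The application's own closing quote completes the final 'a' of the
    payload, so the statement stays syntactically valid with no comment.
    """
    sql = "SELECT body FROM pages WHERE page_id = '" + page_id + "'"
    return db.execute(sql).fetchall()


def lookup_parameterized(db, page_id):
    """Hardened pattern: the value is bound and never parsed as SQL."""
    sql = "SELECT body FROM pages WHERE page_id = ?"
    return db.execute(sql, (page_id,)).fetchall()


def compare(db):
    """Run the page's payload and a false control through both lookups."""
    true_case = "validstring' and 'a'='a"   # payload quoted in the thread
    false_case = "validstring' and 'a'='b"  # constructed false control
    return {
        "concat_true": lookup_concatenated(db, true_case),
        "concat_false": lookup_concatenated(db, false_case),
        "param_true": lookup_parameterized(db, true_case),
        "param_false": lookup_parameterized(db, false_case),
        "param_plain": lookup_parameterized(db, "validstring"),
    }


if __name__ == "__main__":
    for name, rows in compare(make_db()).items():
        print(f"{name:13} -> {rows}")
```

The differing results of `concat_true` and `concat_false` are the boolean signal that makes the flaw "blind"; with bound parameters both inputs are simply unknown page ids and return nothing.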