Hi. I would say that your application is splitting the page name and using parts of it inside the SQL statement. It's clearly visible that 999999999999999999999999999999999999 was not inside the final SQL statement.
You should maybe try something like this:

sqlmap.py -u "http://target/sezione-3-sottosezione-6*-pag-1.htm" --dbms=mysql

If that won't work, please find a VALID SQL injection payload (blind injection would be the best one) and reply with it here. That would really be helpful to find a valid sqlmap command for your case.

Kind regards,
Miroslav Stampar

On Thu, Jan 23, 2014 at 10:02 PM, Marco Mirandola <mmmc...@gmail.com> wrote:

> Taking the tests I noticed sqlmap does not find vulnerable spots:
>
> sqlmap.py -u "http://target/sezione-3-sottosezione-6-pag-1*.htm" --dbms=mysql --risk=5 --level=5
>
> If I enter the URL by hand:
>
> http://target/sezione-3-sottosezione-6-pag-999999999999999999999999999999999999.htm
>
> the page returns (among other things):
>
> Damn, Query fallita!
> errorno= 1064
> error= You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '8.0E+36,8' at line 1
> query= SELECT * FROM `rel_contenuti_guida` WHERE id_rel = '6' AND attivo = '1' ORDER BY posizione ASC LIMIT 8.0E+36,8
>
> At this point, if I do:
>
> sqlmap.py -u "http://target/sezione-3-sottosezione-6-pag-1*.htm" --dbms=mysql --invalid-bignum
>
> sqlmap gives me back:
> [WARNING] URI parameter '# 1 *' is not injectable

--
Miroslav Stampar
http://about.me/stamparm
_______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
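Seen from the application side, the thread shows pieces of a rewritten URL reaching the SQL text and a raw MySQL error being echoed to the visitor. The following is an added example, not part of the original thread and not the target application's code: a strict slug parser with a bound query. The slug layout, the mapping of `sottosezione` to `id_rel`, the `(page - 1) * 8` offset, the `MAX_PAGE` bound and the demo table columns are assumptions inferred from the quoted URL and query; SQLite stands in for MySQL so the block runs offline.

```python
import re
import sqlite3

PAGE_SIZE = 8       # the quoted query ends in "LIMIT <offset>,8"
MAX_PAGE = 10_000   # assumed upper bound; choose one that fits the real data
# Assumed slug layout, inferred from the URL in the thread. ASCII digits only,
# at most six per field, so an oversized number never reaches arithmetic.
SLUG_RE = re.compile(
    r"sezione-([0-9]{1,6})-sottosezione-([0-9]{1,6})-pag-([0-9]{1,6})\.htm")

def parse_slug(slug):
    """Return (sezione, sottosezione, page) as ints, or None if malformed."""
    m = SLUG_RE.fullmatch(slug)
    if m is None:
        return None
    sezione, sottosezione, page = (int(g) for g in m.groups())
    if not 1 <= page <= MAX_PAGE:
        return None
    return sezione, sottosezione, page

def fetch_page(conn, slug):
    """Return the rows for a slug, or None so the caller serves a plain 404
    instead of echoing the database error and query text."""
    parsed = parse_slug(slug)
    if parsed is None:
        return None
    _, sottosezione, page = parsed
    offset = (page - 1) * PAGE_SIZE  # integer math, never rendered as 8.0E+36
    cur = conn.execute(
        "SELECT id, posizione FROM rel_contenuti_guida "
        "WHERE id_rel = ? AND attivo = 1 "
        "ORDER BY posizione ASC LIMIT ?, ?",
        (sottosezione, offset, PAGE_SIZE))
    return cur.fetchall()

def demo_db():
    """Constructed sample data: 12 active rows for id_rel 6."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE rel_contenuti_guida (id INTEGER PRIMARY KEY, "
                 "id_rel INTEGER, attivo INTEGER, posizione INTEGER)")
    conn.executemany(
        "INSERT INTO rel_contenuti_guida (id_rel, attivo, posizione) "
        "VALUES (?, ?, ?)", [(6, 1, p) for p in range(1, 13)])
    return conn

if __name__ == "__main__":
    db = demo_db()
    for s in ("sezione-3-sottosezione-6-pag-2.htm",
              "sezione-3-sottosezione-6-pag-" + "9" * 36 + ".htm"):
        print(s, "->", fetch_page(db, s))
```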