There are times when the query being executed is something like:
*'SELECT content FROM pages WHERE ID=' . $_GET['page_id'] . ' LIMIT 1'*
I have noticed support for double quotes but sqlmap did not seem to be able
to exploit a sample web app I setup locally that did not use quotes. The
command I used was:
*./sqlmap.py -u http://localhost/numeric_injection.php?id=1
<http://localhost/numeric_injection.php?id=1> --level 5 --risk 3 -v2
--threads 5 --dbms mysql --random-agent -o --dump-all*
Is there something wrong with the way commentI am running sqlmap or is this
just not a feature yet?
------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://p.sf.net/sfu/hpccsystems
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
