Hi.
I believe that you are doing something wrong (at PHP side). Can you please
post the complete PHP used in your case? Also, do you get anything when you
use --parse-errors?
Kind regards,
Miroslav Stampar
On Mon, Jun 16, 2014 at 4:12 PM, Nikola Tesla <735te...@gmail.com> wrote:
> There are times when the query being executed is something like:
> *'SELECT content FROM pages WHERE ID=' . $_GET['page_id'] . ' LIMIT 1'*
>
> I have noticed support for double quotes but sqlmap did not seem to be
> able to exploit a sample web app I setup locally that did not use quotes.
> The command I used was:
> *./sqlmap.py -u http://localhost/numeric_injection.php?id=1
> <http://localhost/numeric_injection.php?id=1> --level 5 --risk 3 -v2
> --threads 5 --dbms mysql --random-agent -o --dump-all*
>
> Is there something wrong with the way commentI am running sqlmap or is
> this just not a feature yet?
>
>
>
> ------------------------------------------------------------------------------
> HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
> Find What Matters Most in Your Big Data with HPCC Systems
> Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
> Leverages Graph Analysis for Fast Processing & Easy Data Exploration
> http://p.sf.net/sfu/hpccsystems
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
--
Miroslav Stampar
http://about.me/stamparm
------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://p.sf.net/sfu/hpccsystems
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
