Re: [sqlmap-users] Union injectable or not

Sun, 08 Feb 2015 15:09:07 -0800 

The application could be requiring one of the columns to be in a certain
format (perhaps a date, or serialized object) in order to be brought to the
UI. Just sending and int/string or a NULL causes the SQL query to succeed,
but the app throws an error due to the data not being formatted as expected.

On Sun, Feb 8, 2015 at 4:08 PM, Vojtěch Polášek <krec...@gmail.com> wrote:

> Greetings,
> I am doing some pentesting for a corporation.
> I am testing some GET parameter of their web application and I encounter
> a strange issue.
> The URL seems to be injectable as sqlmap states, but at the end it says
> that it is not injectable.
> Here is a link to the log with verbosity level 3. Due to confidentiality
> reasons, I can't provide you with actual requests or responses.
>
> http://cloud.vojtapolasek.eu/public.php?service=files&t=2c68ef52ac55edb53770c9d5be403bae
> What might be the problem?
> I am running Sqlmap 1.0dev-nongit-20150111 from Blackarch repository of
> Arch Linux.
> Thank you very much for your opinions,
> Vojta
>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming. The Go Parallel Website,
> sponsored by Intel and developed in partnership with Slashdot Media, is
> your
> hub for all things parallel software development, from weekly thought
> leadership blogs to news, videos, case studies, tutorials and more. Take a
> look and join the conversation now. http://goparallel.sourceforge.net/
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>



-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website

------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to