No. One working UNION payload produced by yourself.
Bye
On Feb 9, 2015 5:14 PM, "Vojtěch Polášek" <krec...@gmail.com> wrote:
> Hi,
> thanks for your reply.
> What do you mean by one working union payload?
> Do you mean a payload which causes sqlmap to report the URL as being union
> injectable?
> Thank you very much,
> Vojta
>
> On 9.2.2015 13:23, Miroslav Stampar wrote:
>
> As Brandon said, one of the columns could be "picky" about the "test" values
> being used. We use either NULLs or integer values (e.g. 1) and this works
> quite well in the majority of situations (auto-casting and stuff).
>
> Also, there is a possibility that the ORDER BY mechanism is triggering some
> results, while the UNION query is not possible to achieve. I would suggest
> that you find one working UNION payload and report back.
>
> Bye
>
> On Mon, Feb 9, 2015 at 12:08 AM, Brandon Perry <bperry.volat...@gmail.com>
> wrote:
>
>> The application could be requiring one of the columns to be in a certain
>> format (perhaps a date, or serialized object) in order to be brought to the
>> UI. Just sending an int/string or a NULL causes the SQL query to succeed,
>> but the app throws an error due to the data not being formatted as expected.
>>
>> On Sun, Feb 8, 2015 at 4:08 PM, Vojtěch Polášek <krec...@gmail.com>
>> wrote:
>>
>>> Greetings,
>>> I am doing some pentesting for a corporation.
>>> I am testing some GET parameter of their web application and I encounter
>>> a strange issue.
>>> The URL seems to be injectable as sqlmap states, but at the end it says
>>> that it is not injectable.
>>> Here is a link to the log with verbosity level 3. Due to confidentiality
>>> reasons, I can't provide you with actual requests or responses.
>>>
>>> http://cloud.vojtapolasek.eu/public.php?service=files&t=2c68ef52ac55edb53770c9d5be403bae
>>> What might be the problem?
>>> I am running Sqlmap 1.0dev-nongit-20150111 from Blackarch repository of
>>> Arch Linux.
>>> Thank you very much for your opinions,
>>> Vojta
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Dive into the World of Parallel Programming. The Go Parallel Website,
>>> sponsored by Intel and developed in partnership with Slashdot Media, is
>>> your
>>> hub for all things parallel software development, from weekly thought
>>> leadership blogs to news, videos, case studies, tutorials and more. Take
>>> a
>>> look and join the conversation now. http://goparallel.sourceforge.net/
>>> _______________________________________________
>>> sqlmap-users mailing list
>>> sqlmap-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>
>>
>>
>>
>> --
>> http://volatile-minds.blogspot.com -- blog
>> http://www.volatileminds.net -- website
>>
>>
>>
>>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>
>
>
>
>
>
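The two explanations given in the thread (a column that is "picky" about NULL or integer test values, and ORDER BY producing results while UNION does not), as an added example that is not part of the original messages and is not sqlmap code. The table, handlers and input values are constructed for illustration, and SQLite stands in for the unknown back end.

```python
import sqlite3
from datetime import datetime

def make_db():
    # Constructed sample data: one table, three columns, one row.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, item TEXT, created TEXT)")
    db.execute("INSERT INTO orders VALUES (1, 'widget', '2015-02-08')")
    return db

def render(rows):
    # App layer: the third column must be a 'YYYY-MM-DD' string.
    return [f"{item} @ {datetime.strptime(created, '%Y-%m-%d').date()}"
            for _id, item, created in rows]

def handler_concat(db, raw_id):
    # Vulnerable form: the request value becomes part of the SQL text.
    sql = "SELECT id, item, created FROM orders WHERE id = " + raw_id
    try:
        rows = db.execute(sql).fetchall()
    except sqlite3.Error:
        return "sql-error", []
    try:
        return "ok", render(rows)
    except (TypeError, ValueError):
        return "app-error", []  # the query ran; formatting the row failed

def handler_bound(db, raw_id):
    # Corrected form: the value is bound as data and never parsed as SQL.
    sql = "SELECT id, item, created FROM orders WHERE id = ?"
    return "ok", render(db.execute(sql, (raw_id,)).fetchall())

# Constructed inputs: a normal id, ORDER BY probes, and NULL/integer test values.
SAMPLES = ["1", "1 ORDER BY 3", "1 ORDER BY 4", "0 UNION SELECT NULL, 1, NULL"]

if __name__ == "__main__":
    db = make_db()
    for value in SAMPLES:
        print(f"{value!r:32} concat={handler_concat(db, value)[0]:10} "
              f"bound={handler_bound(db, value)[0]}")
```

With the concatenated query the ORDER BY probes separate cleanly into "ok" and "sql-error", while the NULL/integer UNION row is accepted by the database and then rejected by the date formatting, so the response is an application error rather than data. With the bound parameter every input is treated as a value and returns the normal page or an empty result.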