Hi.
SQLmap wouldn't detect an injection though manually it works perfectly.
It is on a post request.
Using this value will display the page :
id=75102' and (select user()) ='root@localhost' #
Replacing 'root' by anything else won't work (except for the same in
uppercase, it seems the charset is case insensitive)
I've tried --level 5, but without any success.
This seems pretty simple to me, I mean it's just basically [int]' AND
[payload] [comment]
(Note that # is the only comment I've found working. -- or /* won't work).
DBS is Mysql. I've tried that option too.
Any idea on how to have this to work with sqlmap?
Regards,
Loïc
------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
