Oh nevermind, I was using an HTTP request loaded from a file, but using the
-u parameter seems to work fine.
Thanks anyway.
2015-02-19 22:38 GMT+01:00 Loïc THOMAS <lthoma...@gmail.com>:
> Hi.
>
> SQLmap wouldn't detect an injection though manually it works perfectly.
> It is on a post request.
>
> Using this value will display the page :
>
> id=75102' and (select user()) ='root@localhost' #
>
> Replacing 'root' by anything else won't work (except for the same in
> uppercase, it seems the charset is case insensitive)
>
> I've tried --level 5, but without any success.
>
> This seems pretty simple to me, I mean it's just basically [int]' AND
> [payload] [comment]
> (Note that # is the only comment I've found working. -- or /* won't work).
>
> DBS is Mysql. I've tried that option too.
>
> Any idea on how to have this to work with sqlmap?
>
>
> Regards,
>
> Loïc
>
------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
