Hi sqlmappers,

I'm a fairly experienced user of sqlmap, having used it extensively in the past. I came across what appeared to be pretty typical boolean-based blind SQLi in an application I'm (legally) testing. However, for the first time, I'm unable to get sqlmap to recognise the parameter as vulnerable to exploit it further. And as we know, manually exploiting blind SQLi is cumbersome to say the least.

Here is a summary of the requests I've made to manually confirm the vulnerability.

/help/UserGuide.aspx?Sec=PackageSelection (returns response A)
/help/UserGuide.aspx?Sec=PackageSelection'+and+'1'='1 (returns response A)
/help/UserGuide.aspx?Sec=PackageSelection'+and+'1'='2 (returns response B)

I've tried various sqlmap flags and thought the following command would give me the best chance of success:

sqlmap -r '<request file>' -p 'Sec' --dbms 'Microsoft SQL Server' --level=4 --proxy=http://127.0.0.1:8080 --technique=B --string 'industries' -v 1

Note: the string 'industries' is text that appears in response A but not response B.

I've looked at the requests that sqlmap is sending in the background (proxied through Burp). It appears that it's attempting to exploit this with the AND statement as it should, but is not using single quotes as per my example above.

I'd appreciate any insight. If this is a shortcoming in sqlmap, I'd be more than happy to contribute some time to improve it so it can identify injectable parameters such as these in the future.

Thanks,
Al.
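
The A/A/B pattern described in the post above, as an added example that is not part of the original message: it shows why the boolean pair only changes the response when the probe closes the string literal the value sits in, and how a bound parameter removes the difference. SQLite stands in for Microsoft SQL Server, and the table, query shape and function names are assumptions made for illustration.

```python
import sqlite3

# Constructed stand-in: SQLite replaces the Microsoft SQL Server from the post;
# the table, its row and the query shape are assumptions, not the real app.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE help_sections (name TEXT, body TEXT)")
db.execute("INSERT INTO help_sections VALUES "
           "('PackageSelection', 'Packages for all industries')")

def lookup_concatenated(sec):
    """Vulnerable form: Sec lands inside a quoted string literal."""
    sql = "SELECT body FROM help_sections WHERE name = '" + sec + "'"
    return db.execute(sql).fetchone()

def lookup_parameterized(sec):
    """Hardened form: Sec is bound as data and never parsed as SQL."""
    sql = "SELECT body FROM help_sections WHERE name = ?"
    return db.execute(sql, (sec,)).fetchone()

def response(row):
    """'A' if the page would contain the marker 'industries', else 'B'."""
    return "A" if row and "industries" in row[0] else "B"

# URL-decoded Sec values. The quoted pair is from the post; the unquoted
# pair models probes sent "without single quotes", as the post describes.
BASE = "PackageSelection"
QUOTED = (BASE + "' and '1'='1", BASE + "' and '1'='2")
UNQUOTED = (BASE + " and 1=1", BASE + " and 1=2")

def boolean_pair_splits(lookup, pair):
    """True when the true-probe gives A and the false-probe gives B."""
    true_probe, false_probe = pair
    seen = (response(lookup(true_probe)), response(lookup(false_probe)))
    return seen == ("A", "B")

if __name__ == "__main__":
    for name, fn in (("concatenated", lookup_concatenated),
                     ("parameterized", lookup_parameterized)):
        print(name, "baseline:", response(fn(BASE)),
              "quoted pair splits:", boolean_pair_splits(fn, QUOTED),
              "unquoted pair splits:", boolean_pair_splits(fn, UNQUOTED))
```

With the concatenated query only the quoted pair separates A from B; with the bound parameter every probe is compared as a literal section name, so neither pair does.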