Re: [sqlmap-users] boolean based sqli

Mon, 14 Mar 2016 09:30:59 -0700 

Hardly will sqlmap give all the correct payloads right away.

Though, to recreate sessions you could take a look into the:

    --safe-url=SAFEURL  URL address to visit frequently during testing
    --safe-post=SAFE..  POST data to send to a safe URL
    --safe-req=SAFER..  Load safe HTTP request from a file
    --safe-freq=SAFE..  Test requests between two visits to a given safe URL

With "safe URL" mechanism you could visit the "session recreation" page at
every <freq> times. sqlmap should take the new session cookie at every
visit.

Bye

On Mon, Mar 14, 2016 at 5:10 PM, Marcell Fodor <fodor.em...@gmail.com>
wrote:

> Hi,
>
> I have an application where the injection is pretty straightforward:
>
> ?asd= (case when(123=123 *) then 1 else 2 end)
>
> Problem is, when Sqlmap tries the injection point, it sends query which
> results in incorrect syntax on the server side and crashes the session. I
> can make the it working by Burp Marcos, recreating the session prior all
> sqlmap test requests, and sqlmap will find the injection point working
> after a few tries.
>
> Is there a more elegant way to do this?
>
>
>
>
>
> ------------------------------------------------------------------------------
> Transform Data into Opportunity.
> Accelerate data analysis in your applications with
> Intel Data Analytics Acceleration Library.
> Click to learn more.
> http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
Miroslav Stampar
http://about.me/stamparm

------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to