This is a straightforward case. You are messing something up.
Use username=foobar&password=foobar in POST data. Don't put already SQLi
payload anywhere. Use --level=3 --risk=3
As said, you are doing something really really wrong here.
Bye
On Sun, Dec 4, 2016 at 3:06 PM, Daniele Bianchin <[email protected]>
wrote:
> Hi!
> I have an issue with sqlmap.
> I created my own fake login in order to test blind sql injection but
> every time I make a test sqlmap says it isn't exploitable.
> I tried to add a suffix, set level to 5, set risk to 3, set not-string
> option but sqlmap still does not work with it.
> The login source is: http://pastebin.com/xzKZJNB1
>
> I tried to inject some payloads manually such as ' OR 1=1#, ' UNION ALL
> SELECT NULL;NULL #, etc... and they work.
> What should I do?
>
> Thanks in advance!
>
>
> Daniele.
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> sqlmap-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
--
Miroslav Stampar
http://about.me/stamparm