You can add —proxy and make sqlmap pass all requests through burpsuite or another proxy so you can see what the difference is between the requests sqlmap creates and the ones you make by hand are.
> On Dec 4, 2016, at 8:27 AM, Miroslav Stampar <[email protected]> > wrote: > > This is a straigthforward case. You are messing something up. > > Use username=foobar&password=foobar in POST data. Don't put already SQLi > payload anywhere. Use --level=3 --risk=3 > > As said, you are doing something really really wrong here. > > Bye > > On Sun, Dec 4, 2016 at 3:06 PM, Daniele Bianchin <[email protected] > <mailto:[email protected]>> wrote: > Hi! > I have an issue with sqlmap. > I created my own fake login in order to test blind sql injection but > everytime i make a test sqlmap says it isn't exploitable. > I tried to add a suffix, set level to 5, set risk to 3, set not-string option > but sqlmap still not work with it. > The login source is: http://pastebin.com/xzKZJNB1 > <http://pastebin.com/xzKZJNB1> > > I tried to inject some payloads manually such as ' OR 1=1#, ' UNION ALL > SELECT NULL;NULL #, etc... and they work. > What should i do? > > Thanks in advance! > > > Daniele. > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > <http://sdm.link/slashdot> > _______________________________________________ > sqlmap-users mailing list > [email protected] <mailto:[email protected]> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > <https://lists.sourceforge.net/lists/listinfo/sqlmap-users> > > > > > -- > Miroslav Stampar > http://about.me/stamparm > <http://about.me/stamparm>------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! > http://sdm.link/slashdot_______________________________________________ > sqlmap-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/sqlmap-users
signature.asc
Description: Message signed with OpenPGP using GPGMail
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________ sqlmap-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/sqlmap-users
