UA == User-Agent
On Dec 4, 2016 16:57, "Daniele Bianchin" <[email protected]> wrote:
> @Miroslav. What does UA mean?
>
> @Brandon tried with sqlmap -u "127.0.0.1/test/Login.php"
> --data="user=lol&password=lol" --dbs --suffix="#" -v 3 --tamper=space2plus
> and didn't work.
>
> 2016-12-04 16:50 GMT+01:00 Miroslav Stampar <[email protected]>:
>
>> I am kind of confused. You said that it's your application, right? Why
>> would your application care about UA? Also, you've sent source code which
>> hasn't looked into UA.
>>
>> Bye
>>
>> On Dec 4, 2016 16:47, "Daniele Bianchin" <[email protected]> wrote:
>>
>>> OK, I made a test with BurpSuite as Brandon said.
>>> I tried to inject lol'UNION ALL SELECT NULL,NULL# manually and it worked.
>>> The same payload with sqlmap did not.
>>>
>>> This is what BurpSuite shows: http://pastebin.com/6ifKNX9k
>>>
>>> The first is made manually with Firefox, the second with sqlmap...
>>> Should I change user-agent in sqlmap?
>>>
>>>> 2016-12-04 15:39 GMT+01:00 Brandon Perry <[email protected]>:
>>>>
>>>>> You can add --proxy and make sqlmap pass all requests through burpsuite
>>>>> or another proxy so you can see what the difference is between the
>>>>> requests sqlmap creates and the ones you make by hand.
>>>>>
>>>>>
>>>>> On Dec 4, 2016, at 8:27 AM, Miroslav Stampar <
>>>>> [email protected]> wrote:
>>>>>
>>>>> This is a straightforward case. You are messing something up.
>>>>>
>>>>> Use username=foobar&password=foobar in POST data. Don't put already
>>>>> SQLi payload anywhere. Use --level=3 --risk=3
>>>>>
>>>>> As said, you are doing something really really wrong here.
>>>>>
>>>>> Bye
>>>>>
>>>>> On Sun, Dec 4, 2016 at 3:06 PM, Daniele Bianchin <[email protected]> wrote:
>>>>>
>>>>>> Hi!
>>>>>> I have an issue with sqlmap.
>>>>>> I created my own fake login in order to test blind SQL injection but
>>>>>> every time I make a test sqlmap says it isn't exploitable.
>>>>>> I tried to add a suffix, set level to 5, set risk to 3, set
>>>>>> not-string option but sqlmap still does not work with it.
>>>>>> The login source is: http://pastebin.com/xzKZJNB1
>>>>>>
>>>>>> I tried to inject some payloads manually such as ' OR 1=1#, ' UNION
>>>>>> ALL SELECT NULL;NULL #, etc... and they work.
>>>>>> What should I do?
>>>>>>
>>>>>> Thanks in advance!
>>>>>>
>>>>>>
>>>>>> Daniele.
>>>>>>
>>>>>> ------------------------------------------------------------
>>>>>> ------------------
>>>>>> Check out the vibrant tech community on one of the world's most
>>>>>> engaging tech sites, SlashDot.org <http://slashdot.org>!
>>>>>> http://sdm.link/slashdot
>>>>>> _______________________________________________
>>>>>> sqlmap-users mailing list
>>>>>> [email protected]
>>>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Miroslav Stampar
>>>>> http://about.me/stamparm
>