@Miroslav Ah ok... I don't know, I tried everything...

2016-12-04 16:57 GMT+01:00 Miroslav Stampar <[email protected]>:

> UA == User-Agent
>
> On Dec 4, 2016 16:57, "Daniele Bianchin" <[email protected]> wrote:
>
>> @Miroslav. What does UA mean?
>>
>> @Brandon I tried with sqlmap -u "127.0.0.1/test/Login.php"
>> --data="user=lol&password=lol" --dbs --suffix="#" -v 3 --tamper=space2plus
>> and it didn't work.
>>
>> 2016-12-04 16:50 GMT+01:00 Miroslav Stampar <[email protected]>:
>>
>>> I am kind of confused. You said that it's your application, right? Why
>>> would your application care about UA? Also, you've sent source code which
>>> hasn't looked into UA.
>>>
>>> Bye
>>>
>>> On Dec 4, 2016 16:47, "Daniele Bianchin" <[email protected]> wrote:
>>>
>>>> Ok, I made a test with BurpSuite as Brandon said.
>>>> I tried to inject lol'UNION ALL SELECT NULL,NULL# manually and it
>>>> worked.
>>>> The same payload with sqlmap did not.
>>>>
>>>> This is what BurpSuite shows: http://pastebin.com/6ifKNX9k
>>>>
>>>> The first is made manually with Firefox, the second with sqlmap...
>>>> Should I change the user-agent in sqlmap?
>>>>
>>>> 2016-12-04 16:29 GMT+01:00 Daniele Bianchin <[email protected]>:
>>>>
>>>>> Ok, I made a test with BurpSuite as Brandon said.
>>>>> I tried to inject lol'UNION ALL SELECT NULL,NULL# manually and it
>>>>> worked.
>>>>> The same payload with sqlmap did not.
>>>>>
>>>>> This is what BurpSuite shows: http://pastebin.com/6ifKNX9k
>>>>>
>>>>> The first is made manually with Firefox, the second with sqlmap...
>>>>> Should I change the user-agent in sqlmap?
>>>>>
>>>>> 2016-12-04 15:39 GMT+01:00 Brandon Perry <[email protected]>:
>>>>>
>>>>>> You can add --proxy and make sqlmap pass all requests through
>>>>>> burpsuite or another proxy so you can see what the difference is between
>>>>>> the requests sqlmap creates and the ones you make by hand.
>>>>>>
>>>>>>
>>>>>> On Dec 4, 2016, at 8:27 AM, Miroslav Stampar <
>>>>>> [email protected]> wrote:
>>>>>>
>>>>>> This is a straightforward case. You are messing something up.
>>>>>>
>>>>>> Use username=foobar&password=foobar in POST data. Don't put already
>>>>>> SQLi payload anywhere. Use --level=3 --risk=3
>>>>>>
>>>>>> As said, you are doing something really really wrong here.
>>>>>>
>>>>>> Bye
>>>>>>
>>>>>> On Sun, Dec 4, 2016 at 3:06 PM, Daniele Bianchin <
>>>>>> [email protected]> wrote:
>>>>>>
>>>>>>> Hi!
>>>>>>> I have an issue with sqlmap.
>>>>>>> I created my own fake login in order to test blind SQL injection but
>>>>>>> every time I make a test sqlmap says it isn't exploitable.
>>>>>>> I tried to add a suffix, set level to 5, set risk to 3, set the
>>>>>>> not-string option, but sqlmap still does not work with it.
>>>>>>> The login source is: http://pastebin.com/xzKZJNB1
>>>>>>>
>>>>>>> I tried to inject some payloads manually such as ' OR 1=1#, ' UNION
>>>>>>> ALL SELECT NULL;NULL #, etc... and they work.
>>>>>>> What should I do?
>>>>>>>
>>>>>>> Thanks in advance!
>>>>>>>
>>>>>>>
>>>>>>> Daniele.
>>>>>>>
>>>>>>> ------------------------------------------------------------
>>>>>>> ------------------
>>>>>>> Check out the vibrant tech community on one of the world's most
>>>>>>> engaging tech sites, SlashDot.org <http://slashdot.org>!
>>>>>>> http://sdm.link/slashdot
>>>>>>> _______________________________________________
>>>>>>> sqlmap-users mailing list
>>>>>>> [email protected]
>>>>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Miroslav Stampar
>>>>>> http://about.me/stamparm
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>>
>>
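The comparison Brandon suggests in the thread (route sqlmap through a proxy, then compare its request with the hand-made one) can be done mechanically. This is an added example, not part of the thread: both raw requests are constructed samples rather than the pastebin capture, and the `submit` field and the header values are assumptions chosen for illustration.

```python
from urllib.parse import parse_qsl

# Constructed sample: a form submission as a browser might send it.
MANUAL = (
    "POST /test/Login.php HTTP/1.1\r\n"
    "Host: 127.0.0.1\r\n"
    "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "user=lol&password=lol&submit=Login"
)
# Constructed sample: the same form as a tool given only --data="user=lol&password=lol".
TOOL = (
    "POST /test/Login.php HTTP/1.1\r\n"
    "Host: 127.0.0.1\r\n"
    "User-Agent: sqlmap/1.0 (http://sqlmap.org)\r\n"
    "Content-Type: application/x-www-form-urlencoded; charset=utf-8\r\n"
    "\r\n"
    "user=lol&password=lol"
)

def parse_request(raw):
    """Split a raw HTTP request into (request line, headers, decoded body params)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    # Values are URL-decoded, so "+" and "%20" compare equal here.
    params = dict(parse_qsl(body.strip(), keep_blank_values=True))
    return lines[0].strip(), headers, params

def diff_requests(manual_raw, tool_raw):
    """Return (field, manual value, tool value) for every field that differs."""
    m_line, m_hdr, m_par = parse_request(manual_raw)
    t_line, t_hdr, t_par = parse_request(tool_raw)
    diffs = []
    if m_line != t_line:
        diffs.append(("request-line", m_line, t_line))
    for kind, a, b in (("header", m_hdr, t_hdr), ("param", m_par, t_par)):
        for key in sorted(set(a) | set(b)):
            if a.get(key) != b.get(key):
                diffs.append((f"{kind}:{key}", a.get(key), b.get(key)))
    return diffs

if __name__ == "__main__":
    for field, manual, tool in diff_requests(MANUAL, TOOL):
        print(f"{field}\n  manual: {manual}\n  tool:   {tool}")
```

A `None` on one side marks a field present in only one request, such as a form field the browser sends but the tool's `--data` string omits.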