Anyway... could anyone take the source and try it himself?

If it can help, I'm using PHP v7.0 with php-mysql libraries.

2016-12-04 17:00 GMT+01:00 Daniele Bianchin <[email protected]>:

> @Miroslav Ah ok... I don't know, I tried everything...
>
> 2016-12-04 16:57 GMT+01:00 Miroslav Stampar <[email protected]>:
>
>> UA == User-Agent
>>
>> On Dec 4, 2016 16:57, "Daniele Bianchin" <[email protected]> wrote:
>>
>>> @Miroslav. What does UA mean?
>>>
>>> @Brandon tried with sqlmap -u "127.0.0.1/test/Login.php"
>>> --data="user=lol&password=lol" --dbs --suffix="#" -v 3 --tamper=space2plus
>>> and it didn't work.
>>>
>>> 2016-12-04 16:50 GMT+01:00 Miroslav Stampar <[email protected]>:
>>>
>>>> I am kind of confused. You said that it's your application, right? Why
>>>> would your application care about UA? Also, you've sent source code which
>>>> hasn't looked into UA.
>>>>
>>>> Bye
>>>>
>>>> On Dec 4, 2016 16:47, "Daniele Bianchin" <[email protected]> wrote:
>>>>
>>>>> Ok, I made a test with BurpSuite as Brandon said.
>>>>> I tried to inject lol'UNION ALL SELECT NULL,NULL# manually and it
>>>>> worked.
>>>>> The same payload with sqlmap did not.
>>>>>
>>>>> This is what BurpSuite shows: http://pastebin.com/6ifKNX9k
>>>>>
>>>>> The first is made manually with Firefox, the second with sqlmap...
>>>>> Should I change the user-agent in sqlmap?
>>>>>
>>>>>> 2016-12-04 15:39 GMT+01:00 Brandon Perry <[email protected]>:
>>>>>>
>>>>>>> You can add --proxy and make sqlmap pass all requests through
>>>>>>> burpsuite or another proxy so you can see what the difference is between
>>>>>>> the requests sqlmap creates and the ones you make by hand.
>>>>>>>
>>>>>>>
>>>>>>> On Dec 4, 2016, at 8:27 AM, Miroslav Stampar <[email protected]> wrote:
>>>>>>>
>>>>>>> This is a straightforward case. You are messing something up.
>>>>>>>
>>>>>>> Use username=foobar&password=foobar in POST data. Don't put already
>>>>>>> SQLi payload anywhere. Use --level=3 --risk=3
>>>>>>>
>>>>>>> As said, you are doing something really really wrong here.
>>>>>>>
>>>>>>> Bye
>>>>>>>
>>>>>>> On Sun, Dec 4, 2016 at 3:06 PM, Daniele Bianchin <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi!
>>>>>>>> I have an issue with sqlmap.
>>>>>>>> I created my own fake login in order to test blind SQL injection,
>>>>>>>> but every time I make a test sqlmap says it isn't exploitable.
>>>>>>>> I tried to add a suffix, set level to 5, set risk to 3, set the
>>>>>>>> not-string option, but sqlmap still does not work with it.
>>>>>>>> The login source is: http://pastebin.com/xzKZJNB1
>>>>>>>>
>>>>>>>> I tried to inject some payloads manually such as ' OR 1=1#, ' UNION
>>>>>>>> ALL SELECT NULL;NULL #, etc... and they work.
>>>>>>>> What should I do?
>>>>>>>>
>>>>>>>> Thanks in advance!
>>>>>>>>
>>>>>>>>
>>>>>>>> Daniele.
>>>>>>>>
>>>>>>>> ------------------------------------------------------------
>>>>>>>> ------------------
>>>>>>>> Check out the vibrant tech community on one of the world's most
>>>>>>>> engaging tech sites, SlashDot.org <http://slashdot.org>!
>>>>>>>> http://sdm.link/slashdot
>>>>>>>> _______________________________________________
>>>>>>>> sqlmap-users mailing list
>>>>>>>> [email protected]
>>>>>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Miroslav Stampar
>>>>>>> http://about.me/stamparm
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>
>