PaulDotCom mailing list archives
sqlmap - optimizing my usage
From: Andrew Anderson <andycapp92 () gmail com>
Date: Thu, 5 Apr 2012 10:18:57 -0600
Doing an internal web application test, I have a login form that is inject-able and am using sqlmap against it. The basics are these. On the username parameter if I run with incorrect credentials and append:

    ' or 1=1 --

the resulting page's error text, for reasons I'm sure most of you can surmise, differs from simply using the bad creds alone.

I have sqlmap working to the point that it has found this and it is happily working away. I had to increase the --time-sec to 10 to make it work which of course is making it run quite slowly. I think this should be possible using straight blind injection, but sqlmap has latched on to time-based.

While this is working, and I do have the time to let it run... does anyone have any suggestions as to what I can be doing better? This is pretty much my first use of sqlmap so I'm sure there's lots for me to learn.

    # ./sqlmap.py -u "http://xxx.xxx.xxx.xxx/yyyy/security.asp" --data "userid=xxx&password=pass" -p "userid" --prefix="' or 1=1 " --suffix=" ;--" --dbms=mssql -v 2 --string="error=inactive" --dbs --time-sec=10

-Andrew.
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
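The response difference described in the message above, and the fix that removes it, as an added example that is not part of the original post: a login lookup built by string concatenation beside the same lookup with bound parameters, plus a check that bad credentials give the same response with and without the appended tautology. Assumptions: sqlite3 stands in for the MSSQL back end, and the table layout, sample rows, function names and every response string other than "error=inactive" are constructed for illustration.

```python
import sqlite3

PAYLOAD = "' or 1=1 --"  # the string appended to userid in the post

def make_db():
    # Constructed sample rows; sqlite3 stands in for the MSSQL back end.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (userid TEXT, password TEXT, active INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [("olduser", "s3cret", 0), ("alice", "hunter2", 1)])
    return db

def _outcome(row):
    # Hypothetical responses; only "error=inactive" appears in the post.
    if row is None:
        return "error=invalid"
    return "welcome" if row[0] else "error=inactive"

def login_vulnerable(db, userid, password):
    # Concatenation: whatever is in userid becomes part of the SQL text.
    sql = ("SELECT active FROM users WHERE userid = '" + userid +
           "' AND password = '" + password + "'")
    return _outcome(db.execute(sql).fetchone())

def login_parameterized(db, userid, password):
    # Bound parameters: userid is only ever compared as a value.
    sql = "SELECT active FROM users WHERE userid = ? AND password = ?"
    return _outcome(db.execute(sql, (userid, password)).fetchone())

def response_differs(login, db):
    # Regression check: bad credentials must give the same response
    # with and without the tautology appended to userid.
    plain = login(db, "xxx", "pass")
    injected = login(db, "xxx" + PAYLOAD, "pass")
    return plain != injected

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", response_differs(login_vulnerable, db))
    print("parameterized:", response_differs(login_parameterized, db))
```

Any input-dependent difference in the response to failed logins is the signal a blind technique keys on, so `response_differs` is worth keeping as a regression test on the login handler after the fix.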