What's the problem (or question)?
During a pentest for a company i've found a sql injection which sqlmap is able only to exploit as a blind one. But i've manually customized it to be a error-based one.
here is the query :
/mypage.php?password=0','0',(select+1+from(select+count(*),concat((select+(select+concat(Hex(cast(database()+as+char))))+from+admin_table+limit+0,1),floor(rand(0)*2))x+from+admin_table+group+by+x)a));%23
Unfortunately i can't tell to sqlmap to use my customized payload...i've tried with suffix and prefix but nothing
Since there are a lot of database and a lot of tables , i can't use the blind one because i will spend too much time.
if i tell to sqlmap to inject the password parameter with my payload it recognizes the mysql database due to the "duplicate entry" error but at the end it looks not vulnerable.
I could share more details privately in order to get a solution..
I hope someone could help me ! i need to inject my custom payload in sqlmap.
Regards.
What's the problem (or question)?
During a pentest for a company i've found a sql injection which sqlmap is able only to exploit as a blind one. But i've manually customized it to be a error-based one.
here is the query :
/mypage.php?password=0','0',(select+1+from(select+count(*),concat((select+(select+concat(Hex(cast(database()+as+char))))+from+admin_table+limit+0,1),floor(rand(0)*2))x+from+admin_table+group+by+x)a));%23Unfortunately i can't tell to sqlmap to use my customized payload...i've tried with suffix and prefix but nothing
Since there are a lot of database and a lot of tables , i can't use the blind one because i will spend too much time.
if i tell to sqlmap to inject the password parameter with my payload it recognizes the mysql database due to the "duplicate entry" error but at the end it looks not vulnerable.
I could share more details privately in order to get a solution..
I hope someone could help me ! i need to inject my custom payload in sqlmap.
Regards.