Skip to content

Need expert mode for complex scene #5582

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
ylbhz opened this issue Dec 13, 2023 · 1 comment
Closed

Need expert mode for complex scene #5582

ylbhz opened this issue Dec 13, 2023 · 1 comment
Labels
feature request

Comments

@ylbhz
Copy link

ylbhz commented Dec 13, 2023

I encountered a complex boolean-based injection, sqlmap didn't recognize it.

Here's the payload:

'+if(1=1,1,1/0)+' => true
'+if(1=2,1,1/0)+' => false

No matter how I marked the injection point, sqlmap tried many useless payload and reported #1 is uninjectable

I tried below:

'+if(,1,1/0)+'
'+if(1=1,1,1/0)+'

I need sqlmap to exploit the boolean-based injection vulnerability based on the payload I prepared. It works straightfword without any other vulnerablity testing.
@stamparm
Copy link
Member

  1. uninjectable? oh come on, please, spare me. it says uninjectable or unexploitable
  2. please do an "expert script" exploiting this case of yours. it is pretty ordinary one, so pretty sure that you'll get stuck with playing 0 and 1 bits

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stamparm @ylbhz