SQLmap - UNION Injectable - error | help?
Trying to test my domain to verify leaks of Vuln..
and I keep getting:
[INFO] target url appears to be UNION injectable with 7 columns -- (sometimes this changes into different amounts)
[WARNING] please consider usage of --union-char option (e.g. --union-char=1) to make it work
I first ran the same command below without the union-char option and it shot out the same warning line...but then
I re-ran it with the added option to the command and its taking for ever, and its shooting out the same warning message, but no dumping...
/sqlmap.py -u http://www.mysite.net/name.php?u=### --dump-all -o threads=10 --random-agent --timeout=60 --retries=6 --level=5 risk=3 --beep --batch --union-char=1
Re: SQLmap - UNION Injectable - error | help?
Quote:
Originally Posted by
Eatme
Trying to test my domain to verify leaks of Vuln..
and I keep getting:
[INFO] target url appears to be UNION injectable with 7 columns -- (sometimes this changes into different amounts)
[WARNING] please consider usage of --union-char option (e.g. --union-char=1) to make it work
I first ran the same command below without the union-char option and it shot out the same warning line...but then
I re-ran it with the added option to the command and its taking for ever, and its shooting out the same warning message, but no dumping...
/sqlmap.py -u
http://www.mysite.net/name.php?u=### --dump-all -o threads=10 --random-agent --timeout=60 --retries=6 --level=5 risk=3 --beep --batch --union-char=1
coupe of things I noticed. --timeout=60 + retries=6 would equal 6 minutes before a timeout which is a long time.
--random-agent could be giving you different results on different tests.
You didn't put -- in front of risk=3 or threads=10.
Maybe try --union-char=7 instead of --union-char=1
Re: SQLmap - UNION Injectable - error | help?
Re: SQLmap - UNION Injectable - error | help?
ok i took out the time out line and fix everything but it still testing for vuln's after its found an injectable, and its taking forever..
Re: SQLmap - UNION Injectable - error | help?
Usually if an injectable parameter is found sqlmap will ask if you want to continue. Can you copy and paste the command you are using and the output?
Re: SQLmap - UNION Injectable - error | help?
oops i forgot that I used the command --batch which auto enters the return button if a question is asked..
