PaulDotCom mailing list archives

sqlmap - optimizing my usage


From: Andrew Anderson <andycapp92 () gmail com>
Date: Thu, 5 Apr 2012 10:18:57 -0600

Doing an internal web application test, I have a login form that is
injectable and am using sqlmap against it.

The basics are these.  On the username parameter if I run with incorrect
credentials and append:    * ' or 1=1 -- *  the resulting page's error
text, for reasons I'm sure most of you can surmise, differs from simply
using the bad creds alone.

I have sqlmap working to the point that it has found this and it is happily
working away.  I had to increase the --time-sec to 10 to make it work which
of course is making it run quite slowly.  I think this should be possible
using straight blind injection, but sqlmap has latched on to time-based.

While this is working, and I do have the time to let it run...  does anyone
have any suggestions as to what I can be doing better?  This is pretty much
my first use of sqlmap so I'm sure there's lots for me to learn.

# ./sqlmap.py -u "http://xxx.xxx.xxx.xxx/yyyy/security.asp" --data
"userid=xxx&password=pass" -p "userid" --prefix="' or 1=1 " --suffix=" ;--"
--dbms=mssql -v 2 --string="error=inactive" --dbs --time-sec=10

-Andrew.