I have a known sqli vulnerability that I'd like to try out with sqlmap in a web application; however, I don't believe sqlmap is able to figure this one out. Here's how the system works:
- Inject on a given parameter, s, in Thread 1.
- Thread 1 dispatches the information to a second thread. Thread 1 returns an HTML message immediately always with a status of "Pending"
- Thread 2 now executes the sqli and writes a file to a location in the web site I can look up. It also returns a Success message.
I cannot directly call the private method that Thread 2 executes, so I need to start with the dispatcher. However, I believe sqlmap can only find that this is a successful injection if it could read the outcome of thread 2. Does anyone have any idea how I could get sqlmap to understand this sequence?