[sqlmap-users] Tautology with banned chars in Oracle
Brought to you by:
inquisb
From: Andres R. <and...@gm...> - 2008-11-26 15:43:41
|
List, I'm performing a pentest and I think that one of the parameters is injectable, BUT there is a filter that filters =,>,< and ' . Is there a way to create a tautology (OR 1=1) in Oracle without using those chars? More info: it's an integer parameter. Cheers, -- Andres Riancho http://w3af.sourceforge.net/ Web Application Attack and Audit Framework |