[sqlmap-users] Feature request: Filter evasion
From: Philippe A. R. S. <sc...@co...> - 2008-12-09 13:20:07
Hi,

testing an SQL-I (and talking to the responsible admins) I came across a filter that is blocking any requests containing 2 of the strings given below. It seems to be possible to evade the filter by including comments (e.g. "se/**/lect" - for MSSQL). I've done some tests by changing xml/queries.xml which is a rather dirty hack. It would be a nice feature to use such evasion techniques as an option in sqlmap.

Regards,
Philippe

alter backup begin cast convert create cursor database declare delete deny drop dt_ dump exec execute exists from function grant identity index insert into master ms_ on procedure rollback schema select set sp_ statistics table transaction trigger truncate update user view where xp_
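
A defender's view of the filter behaviour reported above, added here as an example; it is not part of the original post or of sqlmap. It models the filter as described (block when 2 of the listed strings occur) and compares matching on the raw request with matching after `/* */` comments are stripped. Case-insensitive substring matching, the function names and the sample requests are assumptions constructed for illustration.

```python
import re

# Strings quoted in the post; the filter blocks a request containing 2 of them.
KEYWORDS = """alter backup begin cast convert create cursor database declare
delete deny drop dt_ dump exec execute exists from function grant identity
index insert into master ms_ on procedure rollback schema select set sp_
statistics table transaction trigger truncate update user view where
xp_""".split()
THRESHOLD = 2

# /* ... */ block comments, shortest match, may span lines.
BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)


def hits(text):
    """Listed strings found in text (assumption: case-insensitive substring match)."""
    lowered = text.lower()
    return {k for k in KEYWORDS if k in lowered}


def naive_blocks(request):
    """The filter as described: match on the raw request only."""
    return len(hits(request)) >= THRESHOLD


def hidden_keywords(request):
    """Strings that match only once comments are removed: a detection signal."""
    return hits(BLOCK_COMMENT.sub("", request)) - hits(request)


def normalized_blocks(request):
    """Hardened check: match on the raw request and on the comment-stripped form."""
    stripped = BLOCK_COMMENT.sub("", request)
    return len(hits(request) | hits(stripped)) >= THRESHOLD


# Constructed sample requests (not taken from the post).
PLAIN = "id=1;select 1 from t"
COMMENTED = "id=1;se/**/lect 1 fr/**/om t"
BENIGN = "q=weather report"

if __name__ == "__main__":
    for req in (PLAIN, COMMENTED, BENIGN):
        print(f"{req!r}: naive={naive_blocks(req)} "
              f"normalized={normalized_blocks(req)} "
              f"hidden={sorted(hidden_keywords(req))}")
```

A non-empty `hidden_keywords` result is worth logging on its own, since ordinary traffic rarely carries listed strings that appear only after comment removal. Keyword filtering of this kind remains a secondary control next to parameterized queries in the application.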