[sqlmap-users] Problem with sqlmap
From: Tim J. <ma...@ti...> - 2009-11-17 11:34:29
Hello, my name is Tim Jordans.

First of all, I have tested sqlmap, and thanks for the tool. I stumbled upon a problem. In the following PHP script sqlmap did not find any injection:

    mysql_query('SELECT * FROM tb_apotheke WHERE AID="'.
        mysql_real_escape_string($_REQUEST['zahl1']).'" OR AID='.
        $_REQUEST['zahl2'].' OR AID="'.
        mysql_real_escape_string($_REQUEST['zahl3']).'"'
    );

Although the middle parameter is not escaped, sqlmap can't inject. I was wondering if the statement is not insecure, or is this not part of the sqlmap testing routine?

I hope that someone could help me with this problem.

Greetings,
Tim Jordans
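The query from the message above, rewritten with integer validation and bound parameters, as an added example that is not part of the original post. It assumes AID is an integer column and uses PDO with an in-memory SQLite database and constructed rows so that it runs offline; the function name find_apotheke is hypothetical.

```php
<?php
// Added example, not code from the original post.
// Assumptions: PDO with the pdo_sqlite driver stands in for MySQL so the script
// runs offline; the table contents are constructed; AID is an integer column.

function find_apotheke(PDO $pdo, array $request): array
{
    // zahl2 sits in an unquoted numeric context, where escaping quote
    // characters gives no protection. Accept it only if it is an integer.
    $zahl2 = filter_var($request['zahl2'] ?? null, FILTER_VALIDATE_INT);
    if ($zahl2 === false) {
        throw new InvalidArgumentException('zahl2 must be an integer');
    }

    // Placeholders keep all three values out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'SELECT * FROM tb_apotheke WHERE AID = :z1 OR AID = :z2 OR AID = :z3'
    );
    $stmt->bindValue(':z1', (string) ($request['zahl1'] ?? ''), PDO::PARAM_STR);
    $stmt->bindValue(':z2', $zahl2, PDO::PARAM_INT);
    $stmt->bindValue(':z3', (string) ($request['zahl3'] ?? ''), PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tb_apotheke (AID INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO tb_apotheke VALUES (1, 'A'), (2, 'B'), (3, 'C')");

// Well-formed request: only the rows asked for come back.
$rows = find_apotheke($pdo, ['zahl1' => '1', 'zahl2' => '2', 'zahl3' => '9']);
echo count($rows), " row(s)\n";

// Constructed malformed request: zahl2 carries SQL text instead of a number.
try {
    find_apotheke($pdo, ['zahl1' => '1', 'zahl2' => '2 OR 1=1', 'zahl3' => '9']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```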