[sqlmap-users] Problem with sqlmap
From: Tim J. <ma...@ti...> - 2009-11-17 11:34:29
Hello,
my name is Tim Jordans.
First of all, I have tested sqlmap, and thanks for the tool.
I stumbled upon a problem. In the following PHP script sqlmap did not
find any injection:
    mysql_query('SELECT * FROM tb_apotheke WHERE AID="'.
        mysql_real_escape_string($_REQUEST['zahl1']).'" OR AID='.
        $_REQUEST['zahl2'].' OR AID="'.
        mysql_real_escape_string($_REQUEST['zahl3']).'"'
    );
Although the middle parameter is not escaped, sqlmap can't inject. I was
wondering if the statement is not insecure or is this not part of the
sqlmap testing routine.
I hope that someone could help me with this problem.
Greetings,
Tim Jordans
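
The query from the message above, as an added example that is not part of the original post or of sqlmap: it prints the SQL text the posted code would build for a constructed `zahl2` value, then shows one way to harden the lookup with integer validation and bound parameters. Assumptions: `addslashes()` stands in for `mysql_real_escape_string()`, the helper names `build_original` and `find_by_ids` are hypothetical, and an in-memory SQLite database with constructed rows replaces the MySQL server.

```php
<?php
// Added example, not from the original post. Rows are constructed sample data.
// SQLite in memory keeps it self-contained; the same PDO calls work with a mysql: DSN.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tb_apotheke (AID INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO tb_apotheke VALUES (1, 'Nord'), (2, 'Sued'), (3, 'West'), (4, 'Ost')");

// Query text as the post builds it. addslashes() is a stand-in (assumption) for
// mysql_real_escape_string(), which needs a live MySQL connection.
function build_original(array $req): string {
    return 'SELECT * FROM tb_apotheke WHERE AID="' . addslashes($req['zahl1'])
         . '" OR AID=' . $req['zahl2']
         . ' OR AID="' . addslashes($req['zahl3']) . '"';
}

// Hardened lookup: each value must be an integer, then is bound as a parameter.
function find_by_ids(PDO $db, array $req): array {
    $ids = [];
    foreach (['zahl1', 'zahl2', 'zahl3'] as $key) {
        $id = filter_var($req[$key] ?? null, FILTER_VALIDATE_INT);
        if ($id === false) {
            throw new InvalidArgumentException("$key must be an integer");
        }
        $ids[] = $id;
    }
    $stmt = $db->prepare('SELECT AID, name FROM tb_apotheke WHERE AID = ? OR AID = ? OR AID = ?');
    $stmt->execute($ids);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$ok  = ['zahl1' => '1', 'zahl2' => '2', 'zahl3' => '3'];
$bad = ['zahl1' => '1', 'zahl2' => '2 OR 1=1', 'zahl3' => '3'];  // constructed test value

// The unquoted slot carries SQL keywords straight into the WHERE clause, and
// escaping would not change it: the value contains no character to escape.
echo build_original($bad), "\n";
var_dump(addslashes($bad['zahl2']) === $bad['zahl2']);

echo count(find_by_ids($db, $ok)), " rows for integer input\n";
try {
    find_by_ids($db, $bad);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Because the middle value sits outside any quotes, an escaping function alone does not protect it; validating it as an integer or binding it as a parameter does.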