Re: [sqlmap-users] Fw: Which get was the right
Brought to you by:
inquisb
From: Bernardo D. A. G. <ber...@gm...> - 2010-01-22 18:18:31
|
On Fri, Jan 22, 2010 at 08:34, Beatriz Duran <bea...@ya...> wrote: > ... > http://X.X.X.X/uoc/alumnos/sqlinjection/?departamento=0%20UNION%20ALL%20SELECT%20NULL,%20%271234%27 > > It works, the number 1234 is shown as part of a list; is there a way to > force sqlmap to work with UNION and avoid the testing that --use-union does? Not yet. Test for UNION query SQL injection and detection phase in general will be totally rewritten in the next months though. -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: 0x05F5A30F |