[sqlmap-users] Addressing data inside the path
From: Thomas S. <ts...@go...> - 2010-10-24 08:11:26
Hi,

I have discovered an SQL-Injection where the app extracts the parameter for the SQL query from the URL like this:

www.site.tld/path/category_123/getItem.do

123 is the parameter. Changing this to

www.site.tld/path/category_'/getItem.do

leads to an SQL syntax error.

As far as I can see, sqlmap does not support addressing the data in the path itself. Any ideas?

Thank you
Thomas