Re: [sqlmap-users] Sqlmap missing a get param?
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Sqlmap missing a get param?
|
From: Pieter de B. <pi...@th...> - 2011-02-04 22:37:22
|
On 02/04/11 20:37, Miroslav Stampar wrote: > are you certain that one parameter value is not "overwritten" by the > other at the servers side. in server side programming (PHP, ASP) i > don't know how to handle such requests out of box. > > could you please post some examples just to experiment? > Unfortunately I don't have examples, but I've seen such cases 'in the wild'. It can be used for selecting multiple items from a list, for example. It really depends on how the application, language or framework handles the parameters, as Steve mailed earlier. It may not be very useful to implement as it's rarely used for useful purposes, but if it's not a problem to replace the dict with a list, I suggest considering doing so. Regards, Pieter |
