[sqlmap-users] A suggestion for blind SQL injection
From: David A. <dav...@gm...> - 2011-04-20 16:34:25
Hello,

I found a web application that uses PostgreSQL 8.1.22 and filters the '>' and '<' characters. This app is vulnerable to blind SQL injection, so sqlmap tries to extract data using the boolean-based technique. However, because the '<' and '>' characters are filtered, sqlmap is not able to extract data.

The method that I used to extract data was very slow: changing the boolean condition from A > B to A = B. So, this is a possible method to extract data when the '<' and '>' characters are filtered. I don't know if there are other, quicker methods; otherwise it could be included in sqlmap.

Kind regards,
David Alvarez
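As an added illustration of the defensive point behind this report (not part of the original post, and not sqlmap code): stripping '<' and '>' leaves the boolean channel open through '=', while a bound parameter closes it. SQLite stands in for the PostgreSQL backend, and the table, data and function names are assumptions made for the example.

```python
import sqlite3

def make_db():
    # Constructed sample data; SQLite is a stand-in for the PostgreSQL backend.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)", [(1, "alpha"), (2, "beta")])
    return db

def strip_angle_brackets(value):
    # The filter described in the post: only '<' and '>' are removed.
    return value.replace("<", "").replace(">", "")

def lookup_filtered(db, item_id):
    # Weak: the filtered input is still concatenated into the SQL text,
    # so any condition written with '=' is parsed as part of the query.
    sql = "SELECT name FROM items WHERE id = " + strip_angle_brackets(item_id)
    return db.execute(sql).fetchall()

def lookup_parameterized(db, item_id):
    # Hardened: the value is bound as data and never parsed as SQL.
    return db.execute("SELECT name FROM items WHERE id = ?", (item_id,)).fetchall()

def has_boolean_oracle(lookup, db):
    # A boolean oracle exists when a true and a false equality condition
    # appended to the parameter produce different responses.
    return lookup(db, "1 AND 1=1") != lookup(db, "1 AND 1=2")

if __name__ == "__main__":
    db = make_db()
    print("filtered concatenation leaks a boolean:", has_boolean_oracle(lookup_filtered, db))
    print("parameterized query leaks a boolean:   ", has_boolean_oracle(lookup_parameterized, db))
```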