[sqlmap-users] Customizing SQLMap to bypass weak (but effective) input filters
From: Giorgio F. <gio...@gm...> - 2011-05-28 11:02:45
Dear List,

A tool cannot deal automatically with particular contexts and situations. A common reason for failure of SQL injection tools is the fact that some fields are vulnerable but somehow sanitized.

If fields are sanitized, the penetration tester must:

1) Understand which characters are filtered and how
2) Find how to make the blind SQL logic work even if there are restrictions in place
3) Use a tool that can be customized with your new logic

SQL is the best tool available for me (I am a strong SQLmap supporter :D) because it's powerful, but also fully customizable, and perfectly meets these requirements.

You can find the post here: http://blog.mindedsecurity.com/2011/05/customizing-sqlmap-to-bypass-weak-but.html

Thank you,
Giorgio Fedon