[sqlmap-users] injection into cookies

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi
I've got an application that is vulnerable to SQLi in one of two
cookie parameters. The one that is injectable is the ASP.NET_SessionId
which has to start with a valid session id but then if given an extra
' on the end it fails and dumps out a nice SQL error.

So what I need to do is to tell sqlmap to inject onto the end of the
one cookie but leave the other intact. Is this possible?

Robin