[sqlmap-users] Injection in Host: header
From: A C <ani...@ya...> - 2011-12-12 22:26:08
Hi sqlmap users,

I've successfully used sqlmap to do wonderful things through parameters of web applications, but I've recently come across an app which seems to have a possible injection flaw in the Host: header field. In other words, if I put a single quote (or other SQL) in the Host: header with my normal HTTP request, I will get back a MySQL error similar to the following:

Error: <br />1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ORDER BY pag_gr desc, pag_cat desc, pag_ide desc, sit_typ desc' at line 1

I can't seem to find a way to use sqlmap to perform its normal magic - is there a way to do this?

Thanks!

--Anindya