Re: [sqlmap-users] Injection in Host: header
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Injection in Host: header
|
From: Miroslav S. <mir...@gm...> - 2011-12-14 16:03:21
|
Hi. This moment there isn't support for Host header. I won't promise anything but maybe it will be implemented these days. Kind regards On Mon, Dec 12, 2011 at 11:26 PM, A C <ani...@ya...> wrote: > Hi sqlmap users, > > I've successfully used sqlmap to do wonderful things though parameters of > web applications but I've recently come across an app which seems to have a > possible injection flaw in the Host: header field. in other words, if I put > a single quote (or other SQL) in the Host: header with my normal HTTP > request, I will get back a MySQL error similar to the following: > > Error: <br />1064: You have an error in your SQL syntax; check the manual > that c > orresponds to your MySQL server version for the right syntax to use near > 'ORDER > BY pag_gr desc, pag_cat desc, pag_ide desc, sit_typ desc' at line 1 > > I'm can't seem to find a way to use sqlmap to perform its normal magic - > is there a way to do this? > > Thanks! > --Anindya > > > ------------------------------------------------------------------------------ > Learn Windows Azure Live! Tuesday, Dec 13, 2011 > Microsoft is holding a special Learn Windows Azure training event for > developers. It will provide a great way to learn Windows Azure and what it > provides. You can attend the event by watching it streamed LIVE online. > Learn more at http://p.sf.net/sfu/ms-windowsazure > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
