[sqlmap-users] JSON injection

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi !

I've just found an injection via a JSON parameter which i've tested
manually and im trying to succeed with sqlmap.

But I cant find the way to tell sqlmap where to inject.

Via the --data parameter there is no way of tell where to inject like in
the URI injections with get and the * ?

I've tried also by the --prefix and --suffix to complete the post data to
send, but this parameters got messed up with all the JSON quotes. Sqlmap
returns the error ''You havent especified the sufix''.

Thanks for all ;)