[sqlmap-users] MySQL Comment Injection Question
From: cats <du...@al...> - 2012-07-02 21:19:42
Hello there! :-)

Just a quick question. Does sqlmap currently handle injections like this?

http://example.com?someparam=1/*!and 1=1*/

That is, if there is a filter that prevents a more common injection like someparam=1 AND 1=1 from working, then using this type of commenting would execute it and sometimes bypass the filter.

Reason I ask is because I was recently testing out a new web application using sqlmap, and it didn't seem to detect this injection even though I know it's there (the server doesn't respond if it detects an injection, thus sqlmap keeps timing out).

Thanks for any response in advance :-)
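For the filter side of the behaviour described in the post, here is an added example (not part of the original message and not sqlmap code) showing why a keyword filter that discards all `/* ... */` comments as inert misses the `/*! ... */` form, and how normalizing the value to what MySQL actually parses closes the gap. The filter rule, function names and sample values are assumptions constructed for illustration; the normalizer also covers the version-gated `/*!NNNNN ... */` form, which goes beyond the single case in the post.

```python
import re

# /*! body */ or /*!NNNNN body */: MySQL executes the body (the five-digit
# form only when the server version is at least NNNNN).
EXEC_COMMENT = re.compile(r"/\*!(\d{5})?(.*?)\*/", re.S)
# Any other /* ... */ comment is treated by MySQL as whitespace.
PLAIN_COMMENT = re.compile(r"/\*(?!!).*?\*/", re.S)
ANY_COMMENT = re.compile(r"/\*.*?\*/", re.S)
# Constructed stand-in for a filter rule: AND/OR followed by N=N.
TAUTOLOGY = re.compile(r"\b(?:and|or)\b\s*\(?\s*(\d+)\s*=\s*\1\b", re.I)


def normalize_for_mysql(value):
    """Return the text MySQL would parse: executable comments unwrapped,
    ordinary comments replaced by a space. Version gates are ignored, so
    every gated body is conservatively treated as live."""
    value = EXEC_COMMENT.sub(lambda m: " " + m.group(2) + " ", value)
    value = PLAIN_COMMENT.sub(" ", value)
    return re.sub(r"\s+", " ", value).strip()


def naive_filter_blocks(value):
    # Assumed weakness: all comments are thrown away as inert before matching.
    return bool(TAUTOLOGY.search(ANY_COMMENT.sub(" ", value)))


def hardened_filter_blocks(value):
    # Match against the normalized form, so comment bodies MySQL runs are seen.
    return bool(TAUTOLOGY.search(normalize_for_mysql(value)))


# Constructed parameter values; the first two are the forms from the post.
SAMPLES = ["1 AND 1=1", "1/*!and 1=1*/", "1/* first page */"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:22} naive={naive_filter_blocks(s)} "
              f"hardened={hardened_filter_blocks(s)} -> {normalize_for_mysql(s)!r}")
```

Pattern matching of this kind is a detection layer only; parameterized queries remain the fix for the underlying injection.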