Re: [sqlmap-users] MySQL Comment Injection Question
From: Iago S. <146...@gm...> - 2012-07-02 21:29:07
Use --tamper=tamper/space2comment.py

On Mon, Jul 2, 2012 at 6:02 PM, cats <du...@al...> wrote:
> Hello there! :-)
>
> Just a quick question.
> Does sqlmap currently handle injections like this?
>
> http://example.com?someparam=1/*!and 1=1*/
>
> That is, if there is a filter that prevents a more common injection like
> someparam=1 AND 1=1 from working, then using this type of commenting
> would execute it and sometimes bypass the filter.
>
> Reason I ask is because I was recently testing out a new web application
> using sqlmap, and it didn't seem to detect this injection even though I
> know it's there (The server doesn't respond if it detects an injection,
> thus sqlmap keeps timing out).
>
> Thanks for any response in advance :-)

--
Regards,
Iago Sousa
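Seen from the filter's side, the thread above shows why an input check has to resolve MySQL comments before matching keywords. The following is an added example, not part of the original messages and not sqlmap code; the rule, the function names and the sample values are constructed for illustration, and the input is assumed to be an already URL-decoded parameter value.

```python
import re

# Plain /* ... */ comments behave like whitespace in MySQL.
PLAIN_COMMENT = re.compile(r"/\*(?!!).*?\*/", re.S)
# MySQL executes the body of /*! ... */; with a five-digit prefix (/*!50000 ... */)
# it does so only on that server version or newer. A filter should assume it runs.
EXEC_COMMENT = re.compile(r"/\*!(?:\d{5})?(.*?)\*/", re.S)
# Constructed sample rule: a boolean tautology such as " AND 1=1" or " or 7 = 7".
TAUTOLOGY = re.compile(r"\s(?:and|or)\s+(\d+)\s*=\s*\1\b", re.I)


def normalize(value):
    """Rewrite the value the way the MySQL parser will effectively read it."""
    text = PLAIN_COMMENT.sub(" ", value)  # comment -> whitespace
    text = EXEC_COMMENT.sub(lambda m: " " + m.group(1) + " ", text)  # unwrap body
    return " ".join(text.split())  # collapse runs of whitespace


def raw_hit(value):
    """What a filter sees when it matches the rule against the untouched value."""
    return bool(TAUTOLOGY.search(value))


def normalized_hit(value):
    """The same rule applied after comment normalization."""
    return bool(TAUTOLOGY.search(normalize(value)))


# Constructed sample values, modelled on the forms mentioned in the thread.
SAMPLES = [
    "1",                     # benign
    "1 AND 1=1",             # plain form, caught either way
    "1/*!and 1=1*/",         # executable comment from the question
    "1/*!50000and 1=1*/",    # versioned executable comment
    "1/**/AND/**/1=1",       # spaces replaced by empty comments
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:24} raw={raw_hit(sample)!s:5} "
              f"normalized={normalized_hit(sample)!s:5} -> {normalize(sample)!r}")
```

Matching only the raw value misses the three commented forms; matching the normalized value flags them while leaving the benign value alone.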