Re: [sqlmap-users] MySQL Comment Injection Question
From: Miroslav S. <mir...@gm...> - 2012-07-02 22:31:22
Hi.

As Iago said, you'll need to play with tamper scripts. I would recommend for that case of yours:

--tamper=versionedkeywords or --tamper=versionedmorekeywords or --tamper=halfversionedmorekeywords

Kind regards,
Miroslav Stampar

On Mon, Jul 2, 2012 at 11:29 PM, Iago Sousa <146...@gm...> wrote:
> Use --tamper=tamper/space2comment.py
>
> On Mon, Jul 2, 2012 at 6:02 PM, cats <du...@al...> wrote:
>> Hello there! :-)
>>
>> Just a quick question.
>> Does sqlmap currently handle injections like this?
>>
>> http://example.com?someparam=1/*!and 1=1*/
>>
>> That is, if there is a filter that prevents a more common injection like
>> someparam=1 AND 1=1 from working, then using this type of commenting
>> would execute it and sometimes bypass the filter.
>>
>> Reason I ask is because I was recently testing out a new web application
>> using sqlmap, and it didn't seem to detect this injection even though I
>> know it's there (The server doesn't respond if it detects an injection,
>> thus sqlmap keeps timing out).
>>
>> Thanks for any response in advance :-)
>>
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond. Discussions
>> will include endpoint security, mobile security and the latest in malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
> --
> Regards,
> Iago Sousa

--
Miroslav Stampar
http://about.me/stamparm
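The thread above turns on why a keyword filter that blocks `someparam=1 AND 1=1` can miss `1/*!and 1=1*/` (MySQL runs the body of a versioned comment) and `1/**/AND/**/1=1` (the space2comment idea). The following is an added example, not code from this thread or from sqlmap, showing a whitespace-delimited filter failing on both forms and a normaliser that rewrites the value the way MySQL's parser sees it before the same rule is applied; the rule set and sample inputs are constructed for illustration.

```python
import re

# MySQL executes the body of /*! ... */ and /*!50000 ... */ (optional version
# prefix of up to five digits); other engines treat the whole thing as a comment.
VERSIONED_COMMENT = re.compile(r"/\*!\d{0,5}(.*?)\*/", re.DOTALL)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)

# Constructed naive rule: a keyword counts only when whitespace-delimited,
# which is exactly the assumption the comment tricks in the thread defeat.
NAIVE_RULE = re.compile(r"(?:^|\s)(and|or|union|select)(?:\s|$)", re.IGNORECASE)


def naive_filter_blocks(value: str) -> bool:
    """Apply the rule to the raw parameter value, as a simple filter would."""
    return NAIVE_RULE.search(value) is not None


def normalize_mysql(value: str) -> str:
    """Rewrite the value as MySQL will parse it, so rules match on intent."""
    # 1. Unwrap versioned comments: their contents are live SQL for MySQL.
    value = VERSIONED_COMMENT.sub(lambda m: " " + m.group(1) + " ", value)
    # 2. Ordinary comments act as token separators; turn them into a space.
    value = PLAIN_COMMENT.sub(" ", value)
    # 3. Collapse runs of whitespace so keywords are delimited again.
    return re.sub(r"\s+", " ", value).strip()


def normalized_filter_blocks(value: str) -> bool:
    """Same rule, but run on the normalised form of the value."""
    return naive_filter_blocks(normalize_mysql(value))


if __name__ == "__main__":
    # Constructed sample parameter values mirroring the thread's payloads.
    for sample in ("1 AND 1=1", "1/*!and 1=1*/", "1/**/AND/**/1=1", "42"):
        print(f"{sample!r:22} raw={naive_filter_blocks(sample)!s:5} "
              f"normalised={normalized_filter_blocks(sample)}")
```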