Re: [sqlmap-users] tag FORM not supported
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] tag FORM not supported
|
From: Chris O. <chr...@gm...> - 2012-08-09 10:42:10
|
Even though it's wrong to use GET with this enctype, I think it will still work: http://oi49.tinypic.com/2yn2r9w.jpg So if this is interacting with a database, there could still be an injection. Perhaps the check that sqlmap does is too simplistic? Regards Chris On 9 August 2012 11:23, Marco Mirandola <mm...@gm...> wrote: > But rather than check enctype = "multipart / form-data", which in my case > does not include any upload (see attached html), because not only excludes > only the possible upload? > we are in the attached example: > > 2 select (combobox) > 3 checkboxes > > both valid for the injection ... > > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > |
