[sqlmap-users] use blind SQL injection without some characters due to a WAF
From: <wh...@po...> - 2013-01-18 12:19:15
Hi all,

my current test is a web application that redirects me to a generic page whenever < or > is present in a parameter - before the query gets to the application logic. The application is injectable with a blind injection (MSSQL, proven by manual checking and also found by sqlmap). But if I try e.g. --current-user, sqlmap uses a query with greater than ">" in the where clause :-(

Is it possible to use other queries (like only "=" or "!=" or contains)? I'm too lazy to program this myself - or try to understand the Perl programs I used ages ago ;-)

Kind regards,
Chris