[sqlmap-users] Manipulating JSON types to induce SQL errors
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] Manipulating JSON types to induce SQL errors
|
From: Brandon P. <bpe...@gm...> - 2013-11-26 19:01:42
|
A technique I find quite useful on web applications that are weakly-typed
is manipulating the data within JSON to be more susceptible to fuzzing for
SQLi.
For instance {"id":0} can be made {"id":"0"} as long as the application
isn't caring what the type of the ID is (rails, python, perl, etc...).
Generally I do this manually, does sqlmap support this type of
manipulation? If not, would a tamper script be the solution to automating
this?
Thanks!
--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
|
