Thread: [sqlmap-users] Tautology with banned chars in Oracle

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

List,

    I'm performing a pentest and I think that one of the parameters is
injectable, BUT there is a filter that filters =,>,< and ' . Is there
a way to create a tautology (OR 1=1) in Oracle without using those
chars?

    More info: it's an integer parameter.

Cheers,
-- 
Andres Riancho
http://w3af.sourceforge.net/
Web Application Attack and Audit Framework