Hi Till.
--select-payload "')) UNION SELECT '1', NULL,([PAYLOAD]), '3'-- x"
would be something that would not be used often for sure. Also, a small
percentage of users even know what [PAYLOAD] is.
I know what you are referring to, and I believe that there are similar
cases that could be "treated" t

Hi,
On Mon, May 07, 2012 at 11:56:58AM +0200, Miroslav Stampar wrote:
> Are you maybe referring to the case where an MSSQL integer column is
> injectable, manifesting conversion errors when an arbitrary SELECT is used?
No. I have got an application where a parameter is injectable, but there
are certain co

Hi Till.
Are you maybe referring to the case where an MSSQL integer column is
injectable, manifesting conversion errors when an arbitrary SELECT is used?
e.g. id=(SELECT 'abc')
->
something like: bad conversion of 'abc' to integer value
We do have such a payload, named: Microsoft SQL Server/Sybase
error-b

Hi,
could you please add a simple "SELECT" payload to sqlmap, that will
assume that the injectable parameter will just allow specifying SELECT
statements. This would make it easier to use sqlmap with --prefix and
--suffix, because the latter parameters could be used to specify the
prefix and suffi