Hello,
I found a web application that uses PostgreSQL 8.1.22 and filter '>' and '<'
characters. This app is vulnerable to a Blind Sql injection, so sqlmap try
to extract data doing the boolean-base technique. However, due to <,>
characters are filtered sqlmap is not able to extract data. The method that
I used to extract was very slow: changing boolean condition from A > B to A
= B.
So, this is a possible kind of method to extract data when '<>' characters
are filtered. I don't know if there are other quickest methods, else it
could be included in sqlmap.
Kind regards,
David Alvarez
------------------------------------------------------------------------------
Benefiting from Server Virtualization: Beyond Initial Workload
Consolidation -- Increasing the use of server virtualization is a top
priority.Virtualization can reduce costs, simplify management, and improve
application availability and disaster protection. Learn more about boosting
the value of server virtualization. http://p.sf.net/sfu/vmware-sfdev2dev
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
