Hello,

I found a web application that uses PostgreSQL 8.1.22 and filter '>' and '<'
characters. This app is vulnerable to a Blind Sql injection, so sqlmap try
to extract data doing the boolean-base technique. However, due to <,>
characters are filtered sqlmap is not able to extract data. The method that
I used to extract was very slow: changing boolean condition from A > B to A
= B.

So, this is a possible kind of method to extract data when '<>' characters
are filtered. I don't know if there are other quickest methods, else it
could be included in sqlmap.

Kind regards,
David Alvarez
------------------------------------------------------------------------------
Benefiting from Server Virtualization: Beyond Initial Workload 
Consolidation -- Increasing the use of server virtualization is a top
priority.Virtualization can reduce costs, simplify management, and improve 
application availability and disaster protection. Learn more about boosting 
the value of server virtualization. http://p.sf.net/sfu/vmware-sfdev2dev
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to