Dear List,

A tool cannot deal automatically with particular contexts and situations.
A common reason of failure for SQL injection tools is the fact that
some field are vulnerable but somehow sanitized.

If fields are sanitized the Penetration tester must:
1) Understand which characters are filtered and how
2) Find how to make the blind SQL logic to work even if there are
restrictions in place
3) Use a tool that can be customized with your new logic

SQL is the best tool available for me (I am a strong SQLmap supporter
:D) because it's yet powerful, but also fully customizable and meets
perfectly these requirements.

You can find the post here:
http://blog.mindedsecurity.com/2011/05/customizing-sqlmap-to-bypass-weak-but.html

Thank you,

Giorgio Fedon

------------------------------------------------------------------------------
vRanger cuts backup time in half-while increasing security.
With the market-leading solution for virtual backup and recovery, 
you get blazing-fast, flexible, and affordable data protection.
Download your free trial now. 
http://p.sf.net/sfu/quest-d2dcopy1
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to