Dear List,

A tool cannot deal automatically with particular contexts and situations. A common reason for failure of SQL injection tools is the fact that some fields are vulnerable but somehow sanitized.

If fields are sanitized, the penetration tester must:

1) Understand which characters are filtered and how
2) Find how to make the blind SQL logic work even if there are restrictions in place
3) Use a tool that can be customized with your new logic

SQL is the best tool available for me (I am a strong SQLmap supporter :D) because it is powerful, but also fully customizable, and meets these requirements perfectly.

You can find the post here:
http://blog.mindedsecurity.com/2011/05/customizing-sqlmap-to-bypass-weak-but.html

Thank you,
Giorgio Fedon

_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users