Hi Giorgio.

We have a mechanism called "tampering" for doing this kind of thing.

E.g., for dealing with the characters > and <, you can try to use
--tamper=between, which will replace the standard greater-than/less-than
characters in inference with the BETWEEN operator.

kr

On Sat, May 28, 2011 at 1:02 PM, Giorgio Fedon <giorgio.fe...@gmail.com> wrote:
> Dear List,
>
> A tool cannot deal automatically with particular contexts and situations.
> A common reason for failure of SQL injection tools is the fact that
> some fields are vulnerable but somehow sanitized.
>
> If fields are sanitized, the penetration tester must:
> 1) Understand which characters are filtered and how
> 2) Find how to make the blind SQL logic work even if there are
> restrictions in place
> 3) Use a tool that can be customized with your new logic
>
> SQL is the best tool available for me (I am a strong SQLmap supporter
> :D) because it's powerful, but also fully customizable, and perfectly
> meets these requirements.
>
> You can find the post here:
> http://blog.mindedsecurity.com/2011/05/customizing-sqlmap-to-bypass-weak-but.html
>
> Thank you,
>
> Giorgio Fedon
>
> ------------------------------------------------------------------------------
> vRanger cuts backup time in half-while increasing security.
> With the market-leading solution for virtual backup and recovery,
> you get blazing-fast, flexible, and affordable data protection.
> Download your free trial now.
> http://p.sf.net/sfu/quest-d2dcopy1
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>



-- 
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
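
The point of this thread for a defender, as an added example that is not part of the original e-mails or of sqlmap: a filter that strips > and < does not stop a condition rewritten with BETWEEN, while a bound parameter does. The table, the data and the function names `weak_filter`, `lookup_concat` and `lookup_bound` are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed in-memory sample data (assumption, not from the thread)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER, name TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)",
                   [(1, "alpha"), (2, "beta"), (3, "gamma")])
    return db

def weak_filter(value):
    """Hypothetical 'weak sanitizer': removes the comparison characters."""
    return value.replace("<", "").replace(">", "")

def lookup_concat(db, raw_id):
    """Before: filtered input is still concatenated into the SQL text."""
    sql = "SELECT name FROM items WHERE id = " + weak_filter(raw_id)
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, raw_id):
    """After: the input is bound as a value and never parsed as SQL."""
    sql = "SELECT name FROM items WHERE id = ?"
    return [row[0] for row in db.execute(sql, (raw_id,))]

if __name__ == "__main__":
    db = make_db()
    samples = [
        "1",                            # ordinary request
        "1 AND 2>1",                    # '>' is stripped: condition is mangled
        "1 AND 1>2",                    # mangled the same way, same result
        "1 AND 2 NOT BETWEEN 0 AND 1",  # same meaning as 2>1, passes the filter
        "1 AND 1 NOT BETWEEN 0 AND 1",  # same meaning as 1>1, passes the filter
    ]
    for s in samples:
        print(f"{s!r:34} concat={lookup_concat(db, s)} bound={lookup_bound(db, s)}")
```

With concatenation, the two BETWEEN inputs return different rows, so the query result still depends on a condition supplied in the input; with the bound parameter every non-numeric input returns nothing.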
