Hi all,

we've found one rather common webapp that has SQLi "by design". Example URL: http://hostname/query?param1=value1&where=[FILTER]

My problem is that sqlmap doesn't identify the "where" as a parameter as long as its value contains an equal-char, e.g. "where=column%3D[Integer]". But "where=column is not null" is working. I guess the reason is how sqlmap parses the URL and builds value/param pairs. Is there some sort of workaround for this issue?

-marek
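The symptom described in the message above (a parameter disappearing only when its value carries an encoded `=`) is what any query-string parser produces if it percent-decodes before splitting. This is an added illustration, not part of the original post and not sqlmap's code; the function names and the sample URLs are constructed for the example.

```python
from urllib.parse import unquote, urlsplit

# Constructed sample URLs modelled on the one in the post (placeholder host/values).
URL_WITH_EQUALS = "http://hostname/query?param1=value1&where=column%3D1"
URL_WITHOUT_EQUALS = "http://hostname/query?param1=value1&where=column%20is%20not%20null"


def parse_decode_first(url):
    """Fragile order: percent-decode the whole query string, then split it.

    After decoding, '%3D' is a literal '=', so 'where=column=1' no longer
    looks like one name=value pair and the field is silently dropped.
    """
    query = unquote(urlsplit(url).query)
    pairs = {}
    for field in query.split("&"):
        parts = field.split("=")
        if len(parts) == 2:  # a field with an extra '=' is skipped
            pairs[parts[0]] = parts[1]
    return pairs


def parse_split_first(url):
    """Robust order: split on '&', then on the FIRST '=', then decode each side."""
    pairs = {}
    for field in urlsplit(url).query.split("&"):
        if not field:
            continue
        name, _, value = field.partition("=")
        pairs[unquote(name)] = unquote(value)
    return pairs


if __name__ == "__main__":
    for url in (URL_WITH_EQUALS, URL_WITHOUT_EQUALS):
        print(url)
        print("  decode-then-split:", parse_decode_first(url))
        print("  split-then-decode:", parse_split_first(url))
```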
_______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users