Hi all,

we've found one rather common webapp that has SQLi "by design".
Example URL: http://hostname/query?param1=value1&where=[FILTER]

My problem is that sqlmap doesn't identify the "where" as a parameter as
long as its value contains an equal-char, e.g.
"where=column%3D[Integer]". But "where=column is not null" is working.
I guess the reason is how sqlmap parses the URL and builds value/param
pairs. 

Is there some sort of workaround for this issue?

-marek

_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
