Marek,

This should be dealt with now; please svn update and retry.

Bernardo

On 21 July 2011 10:37, Bernardo Damele A. G. <bernardo.dam...@gmail.com> wrote:
> Hi,
>
> Please, try to append an asterisk, *, to the parameter value you want
> to inject to.
> However, url-encoding the equal character in the parameter value
> should not cause a problem. As it seems that it does, we will track
> down the bug and fix accordingly. Thanks for reporting.
>
> Bernardo
>
>
> On 21 July 2011 10:30, Stiefenhofer, Marek <m.stiefenho...@r-tec.net> wrote:
>> Hi all,
>>
>> we've found one rather common webapp that has SQLi "by design".
>> Example URL: http://hostname/query?param1=value1&where=[FILTER]
>>
>> My problem is that sqlmap doesn't identify the "where" as a parameter as
>> long as its value contains an equal-char, e.g.
>> "where=column%3D[Integer]". But "where=column is not null" is working.
>> I guess the reason is how sqlmap parses the URL and builds value/param
>> pairs.
>>
>> Is there some sort of workaround for this issue?
>>
>> -marek
>
>
> --
> Bernardo Damele A. G.
>
> E-mail / Jabber: bernardo.damele (at) gmail.com
> Mobile: +447788962949 (UK 07788962949)
> PGP Key ID: Unavailable
>



-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: Unavailable
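
Added example, not part of the original thread and not sqlmap's code: a sketch of the parsing pitfall the report guesses at, where a query string that is percent-decoded before being split loses a parameter whose value contains an encoded "=". Both function names and the sample URLs are constructed for illustration; the decode-first parser is a hypothetical reproduction of the symptom, not the actual sqlmap bug.

```python
from urllib.parse import unquote_plus, urlsplit

# Constructed sample URLs modelled on the report (hostname and values are placeholders).
SAMPLES = [
    "http://hostname/query?param1=value1&where=column%3D1",
    "http://hostname/query?param1=value1&where=column=1",
    "http://hostname/query?param1=value1&where=column+is+not+null",
]

def parse_decode_first(url):
    """Fragile (hypothetical): decode the whole query, then expect one '=' per pair."""
    query = unquote_plus(urlsplit(url).query)
    params = {}
    for pair in query.split("&"):
        parts = pair.split("=")
        if len(parts) == 2:  # 'where=column=1' yields three parts and is silently dropped
            params[parts[0]] = parts[1]
    return params

def parse_split_first(url):
    """Robust: split on '&', then on the FIRST '=', and only then decode each side."""
    params = {}
    for pair in urlsplit(url).query.split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        params[unquote_plus(name)] = unquote_plus(value)
    return params

def compare(url):
    """Return (fragile_result, robust_result) for one URL."""
    return parse_decode_first(url), parse_split_first(url)

if __name__ == "__main__":
    for u in SAMPLES:
        fragile, robust = compare(u)
        print(u)
        print("  decode-first:", fragile)
        print("  split-first: ", robust)
```

A scanner or WAF rule that enumerates parameters with the fragile form would never test or inspect "where", which matches the symptom that the "is not null" variant works while the "%3D" variant does not.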
