Marek, This should be dealt now, please svn update and retry.
Bernardo On 21 July 2011 10:37, Bernardo Damele A. G. <bernardo.dam...@gmail.com> wrote: > Hi, > > Please, try to append an asterisk, *, to the parameter value you want > to inject to. > However, url-encoding the equal character in the parameter value > should not cause a problem. As it seems that it does, we will track > down the bug and fix accordingly. Thanks for reporting. > > Bernardo > > > On 21 July 2011 10:30, Stiefenhofer, Marek <m.stiefenho...@r-tec.net> wrote: >> Hi all, >> >> we've found one rather common webapp that has SQLi "by design". >> Example URL: http://hostname/query?param1=value1&where=[FILTER] >> >> My problem is that sqlmap doesn't identify the "where" as parameter as >> long as it's value contains an equal-char, e.g. >> "where=column%3D[Integer]". But "where=column is not null" is working. >> I guess the reason is how sqlmap parses the URL and builds value/param >> pairs. >> >> Is there some sort of workaround for this issue? >> >> -marek > > > -- > Bernardo Damele A. G. > > E-mail / Jabber: bernardo.damele (at) gmail.com > Mobile: +447788962949 (UK 07788962949) > PGP Key ID: Unavailable > -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: Unavailable ------------------------------------------------------------------------------ 5 Ways to Improve & Secure Unified Communications Unified Communications promises greater efficiencies for business. UC can improve internal communications as well as offer faster, more efficient ways to interact with customers and streamline customer service. Learn more! http://www.accelacomm.com/jaw/sfnl/114/51426253/ _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
