Hello,

I detected a simple SQL injection in an update query. The vulnerable
functionality locks items of a list.

An example of the vulnerable parameter is:
A) vuln_param=1 AND 1=1
B) vuln_param=1 AND 1=0

The problem is that sqlmap is not able to detect differences because when
sqlmap executes A) the value will be locked, so the following requests won't
modify the results in the database, the item is locked, and all responses
will be equal.

To unlock the item, you have to execute another functionality. So, how does
sqlmap deal with these situations?

A solution could be to provide the unlock request and execute that
functionality after every request made by sqlmap, in order to unlock the
item and detect changes in the responses. However, this duplicates the
number of requests needed.

kr
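
The behaviour described in the message above, as an added example that is not part of the original post and is not sqlmap code: a constructed in-memory model of a lock handler, showing why the responses to A) and B) are equal without a reset, differ when the item is unlocked after each request, and are equal again once the query is parameterized. The table, handler names and response strings are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: one unlocked item with id 1.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, locked INTEGER)")
    db.execute("INSERT INTO items VALUES (1, 0)")
    return db

def lock_vulnerable(db, vuln_param):
    # Constructed model of the flaw: the parameter is concatenated into the UPDATE.
    sql = "UPDATE items SET locked = 1 WHERE locked = 0 AND id = " + vuln_param
    return "locked" if db.execute(sql).rowcount else "nothing to lock"

def lock_parameterized(db, vuln_param):
    # Hardened form: the value is bound, so "1 AND 1=0" is data, not SQL.
    sql = "UPDATE items SET locked = 1 WHERE locked = 0 AND id = ?"
    return "locked" if db.execute(sql, (vuln_param,)).rowcount else "nothing to lock"

def unlock(db, item_id):
    # Stands in for the separate unlock functionality mentioned in the post.
    db.execute("UPDATE items SET locked = 0 WHERE id = ?", (item_id,))

def run_probes(handler, reset_between):
    """Send the baseline value, then payloads A) and B); return the three responses."""
    db = make_db()
    responses = []
    for value in ("1", "1 AND 1=1", "1 AND 1=0"):
        responses.append(handler(db, value))
        if reset_between:
            unlock(db, 1)  # restore state so the next response depends on the payload
    return responses

if __name__ == "__main__":
    print("no reset:      ", run_probes(lock_vulnerable, False))
    print("with reset:    ", run_probes(lock_vulnerable, True))
    print("parameterized: ", run_probes(lock_parameterized, True))
```
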
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users