Hi sqlmap users,
I've successfully used sqlmap to do wonderful things though parameters of web
applications but I've recently come across an app which seems to have a
possible injection flaw in the Host: header field. in other words, if I put a
single quote (or other SQL) in the Host: header with my normal HTTP request, I
will get back a MySQL error similar to the following:
Error: <br />1064: You have an error in your SQL syntax; check the manual that c
orresponds to your MySQL server version for the right syntax to use near 'ORDER
BY pag_gr desc, pag_cat desc, pag_ide desc, sit_typ desc' at line 1
I'm can't seem to find a way to use sqlmap to perform its normal magic - is
there a way to do this?
Thanks!
--Anindya
------------------------------------------------------------------------------
Learn Windows Azure Live! Tuesday, Dec 13, 2011
Microsoft is holding a special Learn Windows Azure training event for
developers. It will provide a great way to learn Windows Azure and what it
provides. You can attend the event by watching it streamed LIVE online.
Learn more at http://p.sf.net/sfu/ms-windowsazure
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
