Re: [sqlmap-users] Injection in Host: header

Wed, 14 Dec 2011 08:03:52 -0800 

Hi.

This moment there isn't support for Host header. I won't promise anything
but maybe it will be implemented these days.

Kind regards

On Mon, Dec 12, 2011 at 11:26 PM, A C <anindya.chakrabe...@yahoo.com> wrote:

> Hi sqlmap users,
>
> I've successfully used sqlmap to do wonderful things though parameters of
> web applications but I've recently come across an app which seems to have a
> possible injection flaw in the Host: header field. in other words, if I put
> a single quote (or other SQL) in the Host: header with my normal HTTP
> request, I will get back a MySQL error similar to the following:
>
> Error: <br />1064: You have an error in your SQL syntax; check the manual
> that c
> orresponds to your MySQL server version for the right syntax to use near
> 'ORDER
> BY pag_gr desc, pag_cat desc, pag_ide desc, sit_typ desc' at line 1
>
> I'm can't seem to find a way to use sqlmap to perform its normal magic -
> is there a way to do this?
>
> Thanks!
> --Anindya
>
>
> ------------------------------------------------------------------------------
> Learn Windows Azure Live!  Tuesday, Dec 13, 2011
> Microsoft is holding a special Learn Windows Azure training event for
> developers. It will provide a great way to learn Windows Azure and what it
> provides. You can attend the event by watching it streamed LIVE online.
> Learn more at http://p.sf.net/sfu/ms-windowsazure
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
Miroslav Stampar
http://about.me/stamparm

------------------------------------------------------------------------------
Cloud Computing - Latest Buzzword or a Glimpse of the Future?
This paper surveys cloud computing today: What are the benefits? 
Why are businesses embracing it? What are its payoffs and pitfalls?
http://www.accelacomm.com/jaw/sdnl/114/51425149/
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to