Re: [sqlmap-users] Injection in Host: header

Sun, 18 Dec 2011 08:50:09 -0800 

I might be able to take a stab at hacking something up - where would I attempt 
to add this functionality?

--Anindya



________________________________
 From: Miroslav Stampar <miroslav.stam...@gmail.com>
To: A C <anindya.chakrabe...@yahoo.com> 
Cc: "sqlmap-users@lists.sourceforge.net" <sqlmap-users@lists.sourceforge.net> 
Sent: Wednesday, December 14, 2011 11:03 AM
Subject: Re: [sqlmap-users] Injection in Host: header
 

Hi.

This moment there isn't support for Host header. I won't promise anything but 
maybe it will be implemented these days.

Kind regards


On Mon, Dec 12, 2011 at 11:26 PM, A C <anindya.chakrabe...@yahoo.com> wrote:

Hi sqlmap users,
>
>
>I've successfully used sqlmap to do wonderful things though parameters of web 
>applications but I've recently come across an app which seems to have a 
>possible injection flaw in the Host: header field. in other words, if I put a 
>single quote (or other SQL) in the Host: header with my normal HTTP request, I 
>will get back a MySQL error similar to the following:
>
>
>Error: <br />1064: You have an error in your SQL syntax; check the manual that 
>c
>orresponds to your MySQL server version for the right syntax to use near 
>'ORDER 
>BY pag_gr desc, pag_cat desc, pag_ide desc, sit_typ desc' at line 1
>
>
>
>I'm can't seem to find a way to use sqlmap to perform its normal magic - is 
>there a way to do this?
>
>
>Thanks!
>--Anindya
>------------------------------------------------------------------------------
>Learn Windows Azure Live!  Tuesday, Dec 13, 2011
>Microsoft is holding a special Learn Windows Azure training event for
>developers. It will provide a great way to learn Windows Azure and what it
>provides. You can attend the event by watching it streamed LIVE online.
>Learn more at http://p.sf.net/sfu/ms-windowsazure
>_______________________________________________
>sqlmap-users mailing list
>sqlmap-users@lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
Miroslav Stampar
http://about.me/stamparm
------------------------------------------------------------------------------
Learn Windows Azure Live!  Tuesday, Dec 13, 2011
Microsoft is holding a special Learn Windows Azure training event for 
developers. It will provide a great way to learn Windows Azure and what it 
provides. You can attend the event by watching it streamed LIVE online.  
Learn more at http://p.sf.net/sfu/ms-windowsazure
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to