Hi.
This is solely coming from a 3rd party library ClientForm [1] and we don't
like to change anything inside those. Nevertheless, find it "patched" with
the latest commit [2].
Kind regards,
Miroslav Stampar
[1] http://pypi.python.org/pypi/ClientForm/0.2.10
[2] https://github.com/sqlmapproject/sqlmap/issues/143
On Thu, Aug 9, 2012 at 12:42 PM, Chris Oakley <christopher.oak...@gmail.com> wrote:
> Even though it's wrong to use GET with this enctype, I think it will still
> work:
>
> http://oi49.tinypic.com/2yn2r9w.jpg
>
> So if this is interacting with a database, there could still be an
> injection. Perhaps the check that sqlmap does is too simplistic?
>
> Regards
>
> Chris
>
> On 9 August 2012 11:23, Marco Mirandola <mmmc...@gmail.com> wrote:
>
>> But rather than checking enctype="multipart/form-data", which in my case
>> does not include any upload (see attached HTML), why not exclude only
>> the possible upload?
>> In the attached example we have:
>>
>> 2 select (combobox)
>> 3 checkboxes
>>
>> both valid for the injection ...
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond. Discussions
>> will include endpoint security, mobile security and the latest in malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> sqlmap-users mailing list
>> sqlmap-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
>
--
Miroslav Stampar
http://about.me/stamparm