Flex is hard because you have to update the integer that tells flex how
long a string is, unless I am mistaken.

If not, you could try with the * marker to tell sqlmap exactly where the
injection point is.

On Thu, May 28, 2015 at 1:21 PM, Christopher Downs <
chris.do...@chromeriver.com> wrote:

> Good afternoon gents,
> I am a professional penetration tester and have a rather difficult injection
> point for one of my customers.
>
> I can trigger the exception by pausing traffic with burp and inserting
> NULLs into the user | pass via a back end flex call. Is there a way to
> take advantage of sqlmap to inject via flex remoting objects?
>
> If not I will have to write this myself but I thought I may ask the list
> first.
>
> Thanks.
> Sincerely,
> Christopher M Downs
>
> --
> Chris Downs | System Administrator
>
> main
>
> 888.781.0088
>
> email
>
> *chris.do...@chromeriver.com <chris.do...@chromeriver.com>*
>
> web
>
> www.chromeriver.com
>
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
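
The length-prefix point raised in the reply, as an added example that is not part of the original thread: it assumes the field is an inline AMF3 string (marker 0x06 followed by a U29 length header), and all function names are hypothetical. It shows why swapping bytes in place leaves the parser reading the old length, and what a re-encoded value looks like.

```python
# Added example: AMF3 inline-string encoding (marker 0x06 + U29 length header).
AMF3_STRING = 0x06

def encode_u29(n: int) -> bytes:
    """Encode an unsigned 29-bit integer in AMF3's variable-length form."""
    if not 0 <= n < 1 << 29:
        raise ValueError("U29 out of range")
    if n < 0x80:
        return bytes([n])
    if n < 0x4000:
        return bytes([(n >> 7) | 0x80, n & 0x7F])
    if n < 0x200000:
        return bytes([(n >> 14) | 0x80, (n >> 7) & 0x7F | 0x80, n & 0x7F])
    return bytes([(n >> 22) | 0x80, (n >> 15) & 0x7F | 0x80,
                  (n >> 8) & 0x7F | 0x80, n & 0xFF])

def decode_u29(buf: bytes, pos: int):
    """Return (value, next_position) for the U29 starting at pos."""
    n = 0
    for i in range(4):
        b = buf[pos]
        pos += 1
        if i == 3:                      # the 4th byte carries a full 8 bits
            return (n << 8) | b, pos
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:                # high bit clear: last byte
            return n, pos

def encode_string(s: str) -> bytes:
    data = s.encode("utf-8")            # the prefix counts bytes, not characters
    # Header = byte length shifted left by 1; low bit 1 means "inline value".
    return bytes([AMF3_STRING]) + encode_u29(len(data) << 1 | 1) + data

def decode_string(buf: bytes, pos: int = 0):
    """Return (text, next_position); reject references and short buffers."""
    if buf[pos] != AMF3_STRING:
        raise ValueError("not an AMF3 string marker")
    header, pos = decode_u29(buf, pos + 1)
    if not header & 1:
        raise ValueError("string reference, not an inline value")
    end = pos + (header >> 1)
    if end > len(buf):
        raise ValueError("declared length runs past the buffer")
    return buf[pos:end].decode("utf-8"), end

if __name__ == "__main__":
    original = encode_string("alice")                      # constructed sample value
    patched = original.replace(b"alice", b"alice-edited")  # bytes swapped, header stale
    print(decode_string(patched))   # parser still reads 5 bytes; the rest is stray data
    print(decode_string(encode_string("alice-edited")))    # header matches the new value
```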