"Flex is hard because you have to update the integer that tells flex how long a string is"
It might be possible to address this with the --eval option On 28 May 2015 at 14:59, Brandon Perry <[email protected]> wrote: > Flex is hard because you have to update the integer that tells flex how > long a string is, unless I am mistaken. > > If not, you could try with the * marker to tell sqlmap exactly where the > injection point is. > > On Thu, May 28, 2015 at 1:21 PM, Christopher Downs < > [email protected]> wrote: > >> Good afternoon gents, >> I am a profession penetration tester and have a rather difficult >> injection point for one of my customers. >> >> I can trigger the exception by pausing traffic with burp and inserting >> NULL's into the user | pass via a back end flex call. Is there a way to >> take advantage of sqlmap to inject via flex remoting objects ? >> >> If not I will have to write this myself but I thought I may ask the list >> first. >> >> Thanks. >> Sincerely, >> Christopher M Downs >> >> -- >> [image: Description: Chrome] >> >> Chris Downs | System Administrator >> >> main >> >> 888.781.0088 >> >> email >> >> *[email protected] <[email protected]>* >> >> web >> >> www.chromeriver.com >> >> >> ------------------------------------------------------------------------------ >> >> _______________________________________________ >> sqlmap-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > -- > http://volatile-minds.blogspot.com -- blog > http://www.volatileminds.net -- website > > > ------------------------------------------------------------------------------ > > _______________________________________________ > sqlmap-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > >
------------------------------------------------------------------------------
_______________________________________________ sqlmap-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/sqlmap-users
