That could work. On Thu, May 28, 2015 at 2:24 PM, Chris Oakley <christopher.oak...@gmail.com> wrote:
> "Flex is hard because you have to update the integer that tells flex how > long a string is" > > It might be possible to address this with the --eval option > > On 28 May 2015 at 14:59, Brandon Perry <bperry.volat...@gmail.com> wrote: > >> Flex is hard because you have to update the integer that tells flex how >> long a string is, unless I am mistaken. >> >> If not, you could try with the * marker to tell sqlmap exactly where the >> injection point is. >> >> On Thu, May 28, 2015 at 1:21 PM, Christopher Downs < >> chris.do...@chromeriver.com> wrote: >> >>> Good afternoon gents, >>> I am a profession penetration tester and have a rather difficult >>> injection point for one of my customers. >>> >>> I can trigger the exception by pausing traffic with burp and inserting >>> NULL's into the user | pass via a back end flex call. Is there a way to >>> take advantage of sqlmap to inject via flex remoting objects ? >>> >>> If not I will have to write this myself but I thought I may ask the list >>> first. >>> >>> Thanks. >>> Sincerely, >>> Christopher M Downs >>> >>> -- >>> [image: Description: Chrome] >>> >>> Chris Downs | System Administrator >>> >>> main >>> >>> 888.781.0088 >>> >>> email >>> >>> *chris.do...@chromeriver.com <chris.do...@chromeriver.com>* >>> >>> web >>> >>> www.chromeriver.com >>> >>> >>> ------------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> sqlmap-users mailing list >>> sqlmap-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>> >>> >> >> >> -- >> http://volatile-minds.blogspot.com -- blog >> http://www.volatileminds.net -- website >> >> >> ------------------------------------------------------------------------------ >> >> _______________________________________________ >> sqlmap-users mailing list >> sqlmap-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > -- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website
------------------------------------------------------------------------------
_______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
