I tracked it down to ./lib/request/connect.py, line 726:

    contentType = POST_HINT_CONTENT_TYPES.get(kb.postHint, PLAIN_TEXT_CONTENT_TYPE)

I am specifying a content type explicitly with --headers, so commenting this line out allowed sqlmap to detect the injections (the server returns 50x if the content type isn't right). Not sure what the correct solution to this is, as I understand the intent. Would this be more useful as a GitHub issue?