hi Kirill.
for something like this stacked queries should be supported while you
can see that from your injection info there is no stacked injection
vulnerability (as other command than select cannot be inserted into
vulnerable query).
kr
On Sun, May 1, 2011 at 9:34 PM, Kirill Morozov wrote:
>
Hi,
is it possible to make "insert/update" queries via sql injection bugs?
I tried at my test machine via "--sql-query", but i didn't see query in
request_uri:
(admin@rpmbuild)-(09:03 PM Tue Apr 26)-(~/sqlmap-dev)
$ python26 sqlmap.py -u "10.0.0.60/sql/user.php?id=1" -t t3.log
--sql-query="inser
hi all.
it's strange that nobody has noticed this till now :)))
this bug was (in cases when the pivot column used was an integer
based) trimming/preventing dumping of entire table contents of some
DBMSes supported by sqlmap, like MSSQL, Sybase and MaxDB :)
thank you Tom very much for this report
