Hi Bernardo,
Thank you very much for the quick reply.
On Tue, Nov 8, 2011 at 2:58 PM, Bernardo Damele A. G. <
bernardo.dam...@gmail.com> wrote:
> Hi David,
>
> On 8 November 2011 13:13, David Alvarez wrote:
> > ...
> > The problem is that sqlmap is not able to detect differences because when
>
Hi David,
On 8 November 2011 13:13, David Alvarez wrote:
> ...
> The problem is that sqlmap is not able to detect differences because when
> sqlmap execute A) the value will be locked, so the following requests won't
> modify the results in the database, the item is locked, and all responses
> wi
Hello,
I detected a simple sql injection in an update query. The vulnerable
functionality locks items of a list.
An example of the vulnerable parameter is:
A) vuln_param=1 AND 1=1
B) vuln_param=1 AND 1=0
The problem is that sqlmap is not able to detect differences because when
sqlmap execute A)
