Exploiting difficult SQL injection vulnerabilities using sqlmap: Part 1


A number of times when discovering “tricky” SQL Injection vulnerabilities during penetration tests, I have taken the approach of exploiting them by writing custom tools.  This usually after spending 5 minutes blindly poking at the vulnerability with sqlmap, and then stopping when it didn’t immediately magic the answer for me.

OK, there have been a number of times where sqlmap has

*** This is a Security Bloggers Network syndicated blog from The Grey Corner authored by Stephen Bradshaw. Read the original post at: http://www.thegreycorner.com/2017/01/exploiting-difficult-sql-injection.html