A number of times when discovering “tricky” SQL Injection vulnerabilities during penetration tests, I have taken the approach of exploiting them by writing custom tools. This usually after spending 5 minutes blindly poking at the vulnerability with sqlmap, and then stopping when it didn’t immediately magic the answer for me.
OK, there have been a number of times where sqlmap has
*** This is a Security Bloggers Network syndicated blog from The Grey Corner authored by Stephen Bradshaw. Read the original post at: http://www.thegreycorner.com/2017/01/exploiting-difficult-sql-injection.html