A number of times when discovering “tricky” SQL Injection vulnerabilities during penetration tests, I have taken the approach of exploiting them by writing custom tools. This usually after spending 5 minutes blindly poking at the vulnerability with sqlmap, and then stopping when it didn’t immediately magic the answer for me.
OK, there have been a number of times where sqlmap has
This is a Security Bloggers Network syndicated blog post authored by Stephen Bradshaw. Read the original post at: The Grey Corner