ENV:
target url : set-cookie:admin=abc
sqlmap: --cookie "admin=abc" -p admin --level 2
in lib.request.basic.forgeHeaders
when kb.mergeCookies is set True by default,
payloads in cookie will be override in code below:
if kb.mergeCookies:
_ = lambda x: re.sub(r"(?i)\b%s=[^%s]+" % (re.escape(cookie.name), conf.cookieDel or DEFAULT_COOKIE_DELIMITER), "%s=%s" % (cookie.name, getUnicode(cookie.value)), x)
headers[HTTP_HEADER.COOKIE] = _(headers[HTTP_HEADER.COOKIE])payload will not in headers[HTTP_HEADER.COOKIE] and sql injection check will be failed.
Try merge cookie with default input 'N' can detect the injection
ENV:
target url : set-cookie:admin=abc
sqlmap: --cookie "admin=abc" -p admin --level 2
in
lib.request.basic.forgeHeaderswhen
kb.mergeCookiesis setTrueby default,payloads in cookie will be override in code below:
payload will not in
headers[HTTP_HEADER.COOKIE]and sql injection check will be failed.Try merge cookie with default input 'N' can detect the injection