Hi Brandon.
It's a bit complicated. That %26 coincidentally decoded to the default
delimiter value '&' so that probably caused problems in your case with
sqlmap.
Please update to the latest revision and try it again.
Kind regards,
Miroslav Stampar
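The delimiter collision described in the reply above, as an added illustration (not sqlmap's code and not part of the original thread). It assumes the failure mode is URL-decoding a POST body before splitting it on the delimiter; the sample body and all function names are constructed for this example.

```python
from urllib.parse import quote, unquote

DELIMITER = "&"  # the default parameter delimiter named in the reply

# Constructed sample: two parameters whose *names* contain the text %26.
SAMPLE_BODY = "user%26name=bob&item%26id=42"


def decode_then_split(body, delimiter=DELIMITER):
    """Faulty order: decoding first turns %26 into a real delimiter."""
    params = []
    for pair in unquote(body).split(delimiter):
        name, _, value = pair.partition("=")
        params.append((name, value))
    return params


def split_then_decode(body, delimiter=DELIMITER):
    """Safe order: split on the raw delimiter, then decode each piece."""
    params = []
    for pair in body.split(delimiter):
        name, _, value = pair.partition("=")
        params.append((unquote(name), unquote(value)))
    return params


def reencode(params, delimiter=DELIMITER):
    """Rebuild the body, percent-encoding every reserved character."""
    return delimiter.join(
        f"{quote(name, safe='')}={quote(value, safe='')}"
        for name, value in params
    )


def round_trips(body, parser):
    """True if parsing and re-encoding reproduces the original body."""
    return reencode(parser(body)) == body


if __name__ == "__main__":
    print("decode first:", decode_then_split(SAMPLE_BODY))
    print("split first: ", split_then_decode(SAMPLE_BODY))
    print("round trip (decode first):", round_trips(SAMPLE_BODY, decode_then_split))
    print("round trip (split first): ", round_trips(SAMPLE_BODY, split_then_decode))
```

Decoding first yields four parameters instead of two, so any request rebuilt from that parse no longer matches what the application expects.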
On Mon, Nov 21, 2011 at 8:45 PM, Brandon Perry
You may also grab a copy of the free edition of BurpSuite, record the
POST response, and save that to a file.
Then use the -r flag and pass the burp response to sqlmap. Will be
easier to work with.
On Mon, Nov 21, 2011 at 1:44 PM, Brandon Perry wrote:
I would say just use a virtual machine. Grab a copy of BackTrack,
update sqlmap, and start from there.
VirtualBox is a free, open source virtualization suite that runs on
Windows. You will have a much better time interacting with sqlmap.
On Mon, Nov 21, 2011 at 1:39 PM, Iago Sousa <146050...@gmai
What is the fld?
On Mon, Nov 21, 2011 at 10:30 AM, Bob Simonoff wrote:
I have been asked to test a web site for SQL injection. The website uses POST
and the parameter names all have the 3 characters %26 (percent 26) as a
separator. This makes things difficult, since I am running sqlmap from Windows.
First, Windows is trying to substitute %2 as the second argument