Ah, I didn't try that one before.
That did the trick, thanks! :-)
On 2013-06-03 09:35, Dennis wrote:
> Haven't tried, but if it's just for the '>' character, you might wanna
> try '--tamper=between'. That should get rid of the '>' character in the
> payloads.
>
> Cheers
> Dennis
>
>
> Am 01.
Haven't tried, but if it's just for the '>' character, you might wanna
try '--tamper=between'. That should get rid of the '>' character in the
payloads.
Cheers
Dennis
On 01.06.2013 22:39, d...@alcor.se wrote:
> Just to add a bit to this, I tried something else that I got to work.
> I changed t
Just to add a bit to this, I tried something else that I got to work.
I changed the sqlmap payload by using LEAST(), which became this:
',(SELECT/**/1/**/AND/**/9457=IF((LEAST(ORD(MID((IFNULL(CAST(CURRENT_USER()/**/AS/**/CHAR),0x20)),1,1)),16)=16),SLEEP(5),9457)/**/)),('
Is this something sqlmap
Hey guys, I have a server at work where there's an SQLi in an INSERT,
but I can't prove that it's actually a threat so far due to a little
"filter" that replaces some input characters.
I crafted a little injection that injects a sleep into the insert, and
makes it sleep for 10 seconds, and then