> On May 30, 2018, at 8:49 AM, Miroslav Stampar
> wrote:
>
> Hi.
>
> Just added new tamper script to the HEAD. Please update and try
> --tamper=0x2char
>
> p.s. There is no need for unhex (as you'll see by running this new tamper
> script)
Perfect, this works like a charm! Thanks for the
Hi.
Just added new tamper script to the HEAD. Please update and try
--tamper=0x2char
p.s. There is no need for unhex (as you'll see by running this new tamper
script)
Kind regards,
Miroslav Stampar
On Wed, May 30, 2018 at 12:49 PM, Brandon Perry
wrote:
> I’ve come across a SQL injection that
I’ve come across a SQL injection that uppercases the input, so that 0x
becomes 0X. This isn’t a valid hex value in MySQL since 0X is required to
use a lowercase x. I attempted to use a quick —eval argument to change the
syntax from 0x to X’’, but the single quotes in the X’' syntax end u
