Hi.
This is the wrong way to do it.
The proper way is to escape double quotes with a backslash (\) on Windows OS
(when calling the Python interpreter).
Example:
python sqlmap.py -u --prefix="*\"*" .
Kind regards,
Miroslav Stampar
On Sun, Mar 10, 2013 at 10:35 AM, lars peters wrote:
> hello proble
Hello,
I am trying to test a web app with injection in the X-Forwarded-For header and
sqlmap filters out the injection chars.
The injection is 1"' or 1'" and sqlmap changes it to 1' or 1"
sqlmap.py -u "http://www.testing/vuln/"; --prefix=" ' " "
--headers="x-forwarded-for: *" <---is filtered
sqlm
Hi.
It's not filtered by sqlmap but by OS command prompt. Which OS do you use?
Have you tried to echo that prefix string (e.g. echo "...) to see what's
happening?
Kind regards,
Miroslav Stampar
On 10.3.2013. 09:19, "lars peters" wrote:
> hello
>
> i am trying to test a web app with in
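
The parsing behaviour both replies point to, as an added example that is not part of the original thread: a simplified model of how the Microsoft C runtime splits a command line into argv (its special `""` rule is omitted), showing why an unescaped inner double quote never reaches sqlmap while `\"` does. The command lines and URL are constructed, and `split_windows_args`, `prefix_seen_by_python` and `roundtrip` are hypothetical helper names.

```python
import subprocess

def split_windows_args(cmdline):
    """Split a command line roughly as the Microsoft C runtime builds argv.
    Simplified model: the special "" rule inside quoted strings is omitted."""
    args, cur, in_quotes, started, i = [], [], False, False, 0
    while i < len(cmdline):
        ch = cmdline[i]
        if ch == "\\":
            j = i
            while j < len(cmdline) and cmdline[j] == "\\":
                j += 1
            n = j - i
            if j < len(cmdline) and cmdline[j] == '"':
                cur.append("\\" * (n // 2))   # backslash pairs collapse
                if n % 2:                     # odd count: the quote is literal
                    cur.append('"')
                    j += 1
            else:
                cur.append("\\" * n)          # not before a quote: literal
            started, i = True, j
            continue
        if ch == '"':
            in_quotes, started = not in_quotes, True   # delimiter, dropped
        elif ch in " \t" and not in_quotes:
            if started:
                args.append("".join(cur))
                cur, started = [], False
        else:
            cur.append(ch)
            started = True
        i += 1
    if started:
        args.append("".join(cur))
    return args

# Constructed sample command lines (the URL is a placeholder).
UNESCAPED = 'python sqlmap.py -u http://example.test/ --prefix="*"*"'
ESCAPED = 'python sqlmap.py -u http://example.test/ --prefix="*\\"*"'

def prefix_seen_by_python(cmdline):
    """Return the --prefix value as it would arrive in sys.argv."""
    for arg in split_windows_args(cmdline):
        if arg.startswith("--prefix="):
            return arg[len("--prefix="):]

def roundtrip(argv):
    """Quote argv with Python's own Windows quoting, then split it again."""
    return split_windows_args(subprocess.list2cmdline(argv))
```

Printing `sys.argv` from a one-line script, or using `echo` as suggested in the thread, confirms on the real system what the model predicts.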