hi. now after last commit (added ./tamper/equaltolike.py tampering script) you can avoid filtering of >, < and = chars with:
--tamper="between,equaltolike" kr On Sat, May 28, 2011 at 1:28 PM, Miroslav Stampar <miroslav.stam...@gmail.com> wrote: > hi Georgio. > > we have a mechanism called "tampering" for doing this kind of things. > > e.g. for dealing with characters > and < you can try to use > --tamper=between which will replace standard greater/lesser than > characters in inference by BETWEEN operator > > kr > > On Sat, May 28, 2011 at 1:02 PM, Giorgio Fedon <giorgio.fe...@gmail.com> > wrote: >> Dear List, >> >> A tool cannot deal automatically with particular contexts and situations. >> A common reason of failure for SQL injection tools is the fact that >> some field are vulnerable but somehow sanitized. >> >> If fields are sanitized the Penetration tester must: >> 1) Understand which characters are filtered and how >> 2) Find how to make the blind SQL logic to work even if there are >> restrictions in place >> 3) Use a tool that can be customized with your new logic >> >> SQL is the best tool available for me (I am a strong SQLmap supporter >> :D) because it's yet powerful, but also fully customizable and meets >> perfectly these requirements. >> >> You can find the post here: >> http://blog.mindedsecurity.com/2011/05/customizing-sqlmap-to-bypass-weak-but.html >> >> Thank you, >> >> Giorgio Fedon >> >> ------------------------------------------------------------------------------ >> vRanger cuts backup time in half-while increasing security. >> With the market-leading solution for virtual backup and recovery, >> you get blazing-fast, flexible, and affordable data protection. >> Download your free trial now. >> http://p.sf.net/sfu/quest-d2dcopy1 >> _______________________________________________ >> sqlmap-users mailing list >> sqlmap-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> > > > > -- > Miroslav Stampar > > E-mail: miroslav.stampar (at) gmail.com > PGP Key ID: 0xB5397B1B > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B ------------------------------------------------------------------------------ vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1 _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users