I have been asked to test a web site for SQL injection.  The website uses POST 
and the parameter names all have the 3 characters %26 (percent 26) as a 
separator. This makes things difficult, since I am running sqlmap from Windows. 
 First, Windows is trying to substitute %2 as the second argument of the command 
line, but Python is also at play here.  I have not found an escape sequence 
that allows both Windows and Python to be happy. I have tried various 
combinations of ^, \, and %% to no avail.

So an example of post data would be:
--data="fld%26First=Bob&fld%26Last=Jones"

Can anyone provide a recommendation?

Thanks
Bob

Apologies if this appears twice; I had trouble with my subscription.