What is the fld?
On Mon, Nov 21, 2011 at 10:30 AM, Bob Simonoff <b...@simonofffamily.com>wrote:
> **
>
> I have been asked to test a web site for SQL injection. The website uses
> POST and the parameter names all have the 3 characters %26 (percent 26) as
> a separator. This makes thinks difficult, since I am running sqlmap from
> windows. First windows is trying to substitute %2 as the second argument
> of the command line, but python is also at play here. I have not found an
> escape sequence that allows both windows and python to be happy. I have
> tried various combinations of ^, \, and %% to no avail.
>
> So an example of post data would be:
> --data="fld%26First=Bob&fld%26Last=Jones"
>
> Can anyone provide a recommendation?
>
> Thanks
> Bob
>
> Apologies if this appears twice, I had trouble with my subscription
>
>
> ------------------------------------------------------------------------------
> All the data continuously generated in your IT infrastructure
> contains a definitive record of customers, application performance,
> security threats, fraudulent activity, and more. Splunk takes this
> data and makes sense of it. IT sense. And common sense.
> http://p.sf.net/sfu/splunk-novd2d
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
--
Iago Sousa
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
