You may also grab a copy of the free edition of BurpSuite, record the POST response, and save that to a file.
Then use the -r flag and pass the burp response to sqlmap. Will be easier to work with. On Mon, Nov 21, 2011 at 1:44 PM, Brandon Perry <bperry.volat...@gmail.com> wrote: > I would say just use a virtual machine. Grab a copy of backtrack, > update sqlmap, and start from there. > > VirtualBox is a free, open source virtualization suite that runs on > windows. You will have a much better time interacting with sqlmap. > > On Mon, Nov 21, 2011 at 1:39 PM, Iago Sousa <146050...@gmail.com> wrote: >> What is the fld? >> >> On Mon, Nov 21, 2011 at 10:30 AM, Bob Simonoff <b...@simonofffamily.com> >> wrote: >>> >>> I have been asked to test a web site for SQL injection. The website uses >>> POST and the parameter names all have the 3 characters %26 (percent 26) as a >>> separator. This makes thinks difficult, since I am running sqlmap from >>> windows. First windows is trying to substitute %2 as the second argument of >>> the command line, but python is also at play here. I have not found an >>> escape sequence that allows both windows and python to be happy. I have >>> tried various combinations of ^, \, and %% to no avail. >>> >>> So an example of post data would be: >>> --data="fld%26First=Bob&fld%26Last=Jones" >>> >>> Can anyone provide a recommendation? >>> >>> Thanks >>> Bob >>> >>> Apologies if this appears twice, I had trouble with my subscription >>> >>> ------------------------------------------------------------------------------ >>> All the data continuously generated in your IT infrastructure >>> contains a definitive record of customers, application performance, >>> security threats, fraudulent activity, and more. Splunk takes this >>> data and makes sense of it. IT sense. And common sense. >>> http://p.sf.net/sfu/splunk-novd2d >>> _______________________________________________ >>> sqlmap-users mailing list >>> sqlmap-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>> >> >> >> >> -- >> Iago Sousa >> >> >> ------------------------------------------------------------------------------ >> All the data continuously generated in your IT infrastructure >> contains a definitive record of customers, application performance, >> security threats, fraudulent activity, and more. Splunk takes this >> data and makes sense of it. IT sense. And common sense. >> http://p.sf.net/sfu/splunk-novd2d >> _______________________________________________ >> sqlmap-users mailing list >> sqlmap-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > > -- > http://volatile-minds.blogspot.com -- blog > http://www.volatileminds.net -- website > -- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
