Hi Brandon.
It's a bit complicated. That %26 coincidentally decoded to the default
delimiter value '&' so that probably caused problems in your case with
sqlmap.
Please update to the latest revision and try it again.
Kind regards,
Miroslav Stampar
On Mon, Nov 21, 2011 at 8:45 PM, Brandon Perry <bperry.volat...@gmail.com> wrote:
> You may also grab a copy of the free edition of BurpSuite, record the
> POST response, and save that to a file.
>
> Then use the -r flag and pass the burp response to sqlmap. Will be
> easier to work with.
>
> On Mon, Nov 21, 2011 at 1:44 PM, Brandon Perry
> <bperry.volat...@gmail.com> wrote:
> > I would say just use a virtual machine. Grab a copy of BackTrack,
> > update sqlmap, and start from there.
> >
> > VirtualBox is a free, open source virtualization suite that runs on
> > Windows. You will have a much better time interacting with sqlmap.
> >
> > On Mon, Nov 21, 2011 at 1:39 PM, Iago Sousa <146050...@gmail.com> wrote:
> >> What is the fld?
> >>
> >> On Mon, Nov 21, 2011 at 10:30 AM, Bob Simonoff <b...@simonofffamily.com>
> >> wrote:
> >>>
> >>> I have been asked to test a web site for SQL injection. The website uses
> >>> POST and the parameter names all have the 3 characters %26 (percent 26) as a
> >>> separator. This makes things difficult, since I am running sqlmap from
> >>> Windows. First, Windows is trying to substitute %2 as the second argument of
> >>> the command line, but Python is also at play here. I have not found an
> >>> escape sequence that allows both Windows and Python to be happy. I have
> >>> tried various combinations of ^, \, and %% to no avail.
> >>>
> >>> So an example of post data would be:
> >>> --data="fld%26First=Bob&fld%26Last=Jones"
> >>>
> >>> Can anyone provide a recommendation?
> >>>
> >>> Thanks
> >>> Bob
> >>>
> >>> Apologies if this appears twice, I had trouble with my subscription
> >>>
> >>>
> ------------------------------------------------------------------------------
> >>> All the data continuously generated in your IT infrastructure
> >>> contains a definitive record of customers, application performance,
> >>> security threats, fraudulent activity, and more. Splunk takes this
> >>> data and makes sense of it. IT sense. And common sense.
> >>> http://p.sf.net/sfu/splunk-novd2d
> >>> _______________________________________________
> >>> sqlmap-users mailing list
> >>> sqlmap-users@lists.sourceforge.net
> >>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >>>
> >>
> >>
> >>
> >> --
> >> Iago Sousa
> >>
> >>
> >>
> >>
> >>
> >
> >
> >
> > --
> > http://volatile-minds.blogspot.com -- blog
> > http://www.volatileminds.net -- website
> >
>
>
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
>
>
>
--
Miroslav Stampar
http://about.me/stamparm
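
The effect described in the reply above, as an added illustration (not sqlmap's code and not part of the original thread): when a form body is percent-decoded before it is split on the `&` delimiter, an encoded `%26` inside a parameter name becomes a real delimiter and the parameters fall apart. The function names are hypothetical; the sample body is the one quoted in the thread.

```python
from urllib.parse import unquote_plus

# Post data quoted in the thread: two parameters whose names contain %26.
BODY = "fld%26First=Bob&fld%26Last=Jones"


def split_then_decode(body, delimiter="&"):
    """Correct order: split on the literal delimiter, then decode each part."""
    pairs = []
    for chunk in body.split(delimiter):
        name, _, value = chunk.partition("=")
        pairs.append((unquote_plus(name), unquote_plus(value)))
    return pairs


def decode_then_split(body, delimiter="&"):
    """Faulty order: decoding first turns %26 into a real delimiter."""
    pairs = []
    for chunk in unquote_plus(body).split(delimiter):
        name, _, value = chunk.partition("=")
        pairs.append((name, value))
    return pairs


def names_hiding_delimiter(body, delimiter="&"):
    """Return raw parameter names whose decoded form contains the delimiter."""
    raw_names = [chunk.partition("=")[0] for chunk in body.split(delimiter)]
    return [name for name in raw_names if delimiter in unquote_plus(name)]


if __name__ == "__main__":
    print("split, then decode:", split_then_decode(BODY))
    print("decode, then split:", decode_then_split(BODY))
    print("names needing care:", names_hiding_delimiter(BODY))
```

Running `names_hiding_delimiter` over a captured request body before handing it to any tool flags the parameters that need a different delimiter or a request file instead of an inline `--data` string.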