Miroslav, thanks, that is exactly the problem. Unfortunately, when I download
the latest version, svn exits on me when my virus checker complains about one
of the exe files it determined was a virus. I will have to learn svn to see if
I can have it download everything but that file.
I am using burpsuite as a proxy. I guess I could copy/paste everything into a
response file, but as Miroslav says, that would give the same result (but would
be much easier). So thanks, I may have to play with that. Burpsuite
unfortunately does have logging with the free version anymore.
Thanks everyone else too. I will try those if I can not get the latest version
working.
Bob
----- Original Message -----
From: Miroslav Stampar
To: Brandon Perry
Cc: sqlmap-users@lists.sourceforge.net
Sent: Monday, November 21, 2011 4:20 PM
Subject: Re: [sqlmap-users] %26 as part of a POST parameter name on MSWindows
Hi Brandon.
It's a bit complicated. That %26 coincidentally decoded to the default
delimiter value '&' so that probably caused problems in your case with sqlmap.
Please update to the latest revision and try it again.
Kind regards,
Miroslav Stampar
On Mon, Nov 21, 2011 at 8:45 PM, Brandon Perry <bperry.volat...@gmail.com>
wrote:
You may also grab a copy of the free edition of BurpSuite, record the
POST response, and save that to a file.
Then use the -r flag and pass the burp response to sqlmap. Will be
easier to work with.
On Mon, Nov 21, 2011 at 1:44 PM, Brandon Perry
<bperry.volat...@gmail.com> wrote:
> I would say just use a virtual machine. Grab a copy of backtrack,
> update sqlmap, and start from there.
>
> VirtualBox is a free, open source virtualization suite that runs on
> windows. You will have a much better time interacting with sqlmap.
>
> On Mon, Nov 21, 2011 at 1:39 PM, Iago Sousa <146050...@gmail.com> wrote:
>> What is the fld?
>>
>> On Mon, Nov 21, 2011 at 10:30 AM, Bob Simonoff <b...@simonofffamily.com>
>> wrote:
>>>
>>> I have been asked to test a web site for SQL injection. The website uses
>>> POST and the parameter names all have the 3 characters %26 (percent 26) as a
>>> separator. This makes things difficult, since I am running sqlmap from
>>> windows. First windows is trying to substitute %2 as the second argument of
>>> the command line, but python is also at play here. I have not found an
>>> escape sequence that allows both windows and python to be happy. I have
>>> tried various combinations of ^, \, and %% to no avail.
>>>
>>> So an example of post data would be:
>>> --data="fld%26First=Bob&fld%26Last=Jones"
>>>
>>> Can anyone provide a recommendation?
>>>
>>> Thanks
>>> Bob
>>>
>>> Apologies if this appears twice, I had trouble with my subscription
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> All the data continuously generated in your IT infrastructure
>>> contains a definitive record of customers, application performance,
>>> security threats, fraudulent activity, and more. Splunk takes this
>>> data and makes sense of it. IT sense. And common sense.
>>> http://p.sf.net/sfu/splunk-novd2d
>>> _______________________________________________
>>> sqlmap-users mailing list
>>> sqlmap-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>
>>
>>
>>
>> --
>> Iago Sousa
>>
>>
>>
>>
>>
>
>
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
>
--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
--
Miroslav Stampar
http://about.me/stamparm
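
The delimiter collision Miroslav describes, as an added example that is not part of the thread and is not sqlmap's own code: percent-decoding a form body before splitting on `&` turns the `%26` inside a parameter name into a pair delimiter, while splitting first keeps the name intact. The function names are hypothetical; the sample body is the one quoted in the original question.

```python
from urllib.parse import unquote_plus

DELIMITER = "&"  # default pair delimiter in form-encoded POST bodies

# POST body quoted in the thread: each parameter name contains an encoded '&'.
SAMPLE_BODY = "fld%26First=Bob&fld%26Last=Jones"


def parse_decode_first(body):
    """Wrong order: decode the whole body, then split on the delimiter.

    The %26 in each name becomes a literal '&' before the split, so every
    parameter is cut in two and the names no longer match what was sent.
    """
    pairs = []
    for chunk in unquote_plus(body).split(DELIMITER):
        name, _, value = chunk.partition("=")
        pairs.append((name, value))
    return pairs


def parse_split_first(body):
    """Right order: split on the raw delimiter, then decode name and value."""
    pairs = []
    for chunk in body.split(DELIMITER):
        name, _, value = chunk.partition("=")
        pairs.append((unquote_plus(name), unquote_plus(value)))
    return pairs


def names_with_encoded_delimiter(body):
    """List raw parameter names that carry %26, i.e. the ones at risk."""
    raw_names = [chunk.partition("=")[0] for chunk in body.split(DELIMITER)]
    return [name for name in raw_names if "%26" in name]


if __name__ == "__main__":
    print("decode first:", parse_decode_first(SAMPLE_BODY))
    print("split first: ", parse_split_first(SAMPLE_BODY))
    print("at risk:     ", names_with_encoded_delimiter(SAMPLE_BODY))
```
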