Dear all,

The between tamper script replaces the greater-than sign, but not if it
is part of a string enclosed in quotes or double quotes. Unfortunately
this is the reason why it fails on many boolean-based injections like:

Payload: PARAM=dummystring' AND [COMPARISON INCLUDING GREATER THAN] AND 'bla'='bla

A quick fix was to remove the quote checks, but a more sophisticated
solution would be great.

Best regards,

-marek

_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
