Use --tamper=tamper/space2comment.py

On Mon, Jul 2, 2012 at 6:02 PM, cats <d...@alcor.se> wrote:

> Hello there! :-)
>
> Just a quick question.
> Does sqlmap currently handle injections like this?
>
> http://example.com?someparam=1/*!and 1=1*/
>
> That is, if there is a filter that prevents a more common injection like
> someparam=1 AND 1=1 from working, then using this type of commenting
> would execute it and sometimes bypass the filter.
>
> Reason I ask is because I was recently testing out a new web application
> using sqlmap, and it didn't seem to detect this injection even though I
> know it's there (The server doesn't respond if it detects an injection,
> thus sqlmap keeps timing out).
>
> Thanks for any response in advance :-)
>
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>



-- 
Regards,
Iago Sousa
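
For anyone maintaining the filter side of this thread: the example below is an added illustration, not code from the thread or from sqlmap. It shows why a keyword rule that expects whitespace around `AND` misses both the `/*!and 1=1*/` form from the question and the `/**/` separators that `space2comment.py` produces, and how normalizing MySQL comments before matching closes that gap. The rule, function names and sample values are constructed for this example.

```python
import re
from urllib.parse import unquote_plus

# MySQL executes the body of /*! ... */ (optionally prefixed with a five-digit
# minimum version, /*!50000 ... */); a plain /* ... */ acts as whitespace.
EXEC_COMMENT = re.compile(r"/\*!(?:\d{5})?(.*?)\*/", re.S)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)

# Constructed rule for illustration: whitespace, AND/OR, then a comparison.
BOOLEAN_TEST = re.compile(r"\s(?:and|or)\s+\S+?\s*(?:=|<|>|like\b)", re.I)

def normalize(value):
    """Rewrite a parameter value to roughly what MySQL's parser would act on."""
    text, previous = unquote_plus(value), None
    while text != previous:  # repeat until no comment is left to rewrite
        previous = text
        text = EXEC_COMMENT.sub(lambda m: " " + m.group(1) + " ", text)
        text = PLAIN_COMMENT.sub(" ", text)
    return re.sub(r"\s+", " ", text).strip()

def naive_filter(value):
    """Match the rule against the decoded value only."""
    return bool(BOOLEAN_TEST.search(unquote_plus(value)))

def normalizing_filter(value):
    """Match the rule after comment normalization."""
    return bool(BOOLEAN_TEST.search(normalize(value)))

# Constructed sample values for the someparam parameter.
SAMPLES = [
    "1",
    "1 AND 1=1",
    "1/*!and 1=1*/",
    "1/**/AND/**/1=1",
    "rock and roll",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:22} naive={naive_filter(s)!s:5} normalized={normalizing_filter(s)}")
```

Pattern matching of this kind is a detection aid only; the injection itself is fixed by parameterized queries in the application.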
