use tamper scripts. --tamper=between should do the trick if I'm not
mistaken.
Cheers,
Dennis
Am 18.01.2013 12:54, schrieb w...@pohlcity.de:
> Hi all,
>
> my current test is a web application that redirects me to a generic
> page, whenever < or > is present in a parameter - before the query
> gets to the application logic.
> The application is injectable with a blind injection (MSSQL, proven by
> manual checking and also found by sqlmap). But if I try e.g.
> --current-user, sqlmap uses a query
> with greater than ">" in the where clause :-(
>
> Is it possible to use other queries (like only "=" or "!=" or contains)?
> I'm to lazy to program this myself - or try to understand the perl -
> programs I used ages ago ;-)
>
>
> Kind regards,
>
> Chris
>
>
> ------------------------------------------------------------------------------
> Master HTML5, CSS3, ASP.NET, MVC, AJAX, Knockout.js, Web API and
> much more. Get web development skills now with LearnDevNow -
> 350+ hours of step-by-step video tutorials by Microsoft MVPs and experts.
> SALE $99.99 this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_122812
>
>
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
------------------------------------------------------------------------------
Master HTML5, CSS3, ASP.NET, MVC, AJAX, Knockout.js, Web API and
much more. Get web development skills now with LearnDevNow -
350+ hours of step-by-step video tutorials by Microsoft MVPs and experts.
SALE $99.99 this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122812
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
