Hi.
It's not filtered by sqlmap but by OS command prompt. Which OS do you use?
Have you tried to echo that prefix string (e.g. echo "...) to see what's
happening?
Kind regards,
Miroslav Stampar
On 10.3.2013. 09:19, "lars peters" <lars.pet...@mail.com> wrote:
> Hello
>
> I am trying to test a web app with injection in the x-forwarded-for header
> and sqlmap filters out the injection chars.
>
> The injection is 1"' or 1'" and sqlmap changes it to 1' or 1"
>
> sqlmap.py -u "http://www.testing/vuln/" --prefix=" ' " "
> --headers="x-forwarded-for: *" <---is filtered
>
> sqlmap.py -u "http://www.testing/vuln/" --prefix=" " "
> --headers="x-forwarded-for: * " " <---is filtered
>
> I put the spaces there to see.
>
> Is there a fix for this?
>
> Regards, Lars
>
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
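
Added example, not part of the original thread and not sqlmap code: it shows how a POSIX shell consumes quote characters before any program receives its arguments, and one way to quote the value from the post so it arrives intact. It assumes a POSIX sh (the poster's OS is not stated in the thread); `show_argv`, `sh_quote`, `naive` and `escaped` are hypothetical helper names, and the command lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the prefix string quoted in the post.
PAYLOAD="1\"' or 1'\""

# Print every argument exactly as a program would receive it in argv,
# one per line, wrapped in [] so leading/trailing spaces are visible.
show_argv() {
    for arg in "$@"; do
        printf '[%s]\n' "$arg"
    done
}

# Quote an arbitrary string for POSIX sh: wrap it in single quotes and
# rewrite each embedded ' as '\'' (close quote, escaped quote, reopen).
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Value simply wrapped in double quotes: the shell pairs up the quote
# characters itself and removes them, so they never reach the program.
naive() {
    show_argv --prefix="1"' or 1'""
}

# Same value, single-quoted with each embedded ' written as '\'':
# the program receives the string byte for byte.
escaped() {
    show_argv --prefix='1"'\'' or 1'\''"'
}

echo "intended value : $PAYLOAD"
echo "naive quoting  : $(naive)"
echo "escaped quoting: $(escaped)"
echo "paste-ready    : --prefix=$(sh_quote "$PAYLOAD")"
```

On Windows `cmd.exe` the quoting rules are different, so the same check (echo the argument and compare) has to be repeated there rather than reusing this quoting.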