Hello,

I am trying to test a web app with injection in the x-forwarded-for header, and
sqlmap filters out the injection chars.

The injection is 1"' or 1'" and sqlmap changes it to 1' or 1"

sqlmap.py -u "http://www.testing/vuln/"; --prefix=" ' " " 
--headers="x-forwarded-for: *" <---is filtered

sqlmap.py -u "http://www.testing/vuln/"; --prefix=" " " 
--headers="x-forwarded-for: * " " <---is filtered

I put the spaces there to see.

Is there a fix for this?

Regards, Lars