Hi.
This is wrong way to do it.
Proper way is to escape double quotes with backslash (\) on Windows OS
(when calling python interpreter).
Example:
python sqlmap.py -u .... --prefix="*\"*" .....
Kind regards,
Miroslav Stampar
On Sun, Mar 10, 2013 at 10:35 AM, lars peters <lars.pet...@mail.com> wrote:
> hello problem is solved with more double quotes on cmd two "" = "
>
> but still injection does not work
>
>
>
> ----- Original Message -----
>
> From: Miroslav Stampar
>
> Sent: 03/10/13 07:38 PM
>
> To: lars peters
>
> Subject: Re: double quite problem
>
>
> Hi.
>
> It's not filtered by sqlmap but by OS command prompt. Which OS do you use?
>
> Have you tried to echo that prefix string (e.g. echo "...) to see what's
> happening?
>
> Kind regards,
> Miroslav Stampar
> Dana 10.3.2013. 09:19 "lars peters" <lars.pet...@mail.com> je napisao/la:
>>
>> hello
>>
>> i am trying to test a web app with injection in the x-forwarded-for
>> header and sqlmap filters out the injection chars.
>>
>> the injection is 1"' or 1'" and sqlmap changes to 1' or 1"
>>
>> sqlmap.py -u "http://www.testing/vuln/"; --prefix=" ' " "
>> --headers="x-forwarded-for: *" <---is filtered
>>
>> sqlmap.py -u "http://www.testing/vuln/"; --prefix=" " "
>> --headers="x-forwarded-for: * " " <---is filtered
>>
>> i put the spaces there to see.
>>
>> is there a fix for this?
>>
>> regards lars
>>
>
>
--
Miroslav Stampar
http://about.me/stamparm
------------------------------------------------------------------------------
Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester
Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the
endpoint security space. For insight on selecting the right partner to
tackle endpoint security challenges, access the full report.
http://p.sf.net/sfu/symantec-dev2dev
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
