-u "www.target.com/vuln?string=the" --tamper=space2comment
bye
p.s. please don't use any SQLi inside provided parameter values
On Wed, Oct 1, 2014 at 11:17 AM, Robin Wood <robin@digi.ninja> wrote:
> It was pointed out that I should be URL encoding the *s which removes that
> as a problem but it still isn't quite working properly, probably because of
> the spaces. Got limited time on this test so going to leave it for now and
> will build a lab to look at it properly later.
>
> Robin
>
> On 1 October 2014 09:54, Robin Wood <robin@digi.ninja> wrote:
>
>> I've got the following vulnerable querystring value:
>>
>> string=the%%22/**/and/**/1=1/**/and/**/%22%%22=%22
>>
>> Where with 1=1 I get data back, 1=0 is false so no data.
>>
>> I can't use spaces which is why I've have to go for /**/.
>>
>> How do I tell sqlmap where the injection point is and to use /**/ instead
>> of spaces?
>>
>> Robin
>>
>
>
>
> ------------------------------------------------------------------------------
> Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
> Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
> Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
> Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
>
> http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
--
Miroslav Stampar
http://about.me/stamparm
------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users