Re: [sqlmap-users] querystrings with *'s and no spaces

Wed, 01 Oct 2014 05:40:05 -0700 

On 1 October 2014 12:37, Miroslav Stampar <miroslav.stam...@gmail.com>
wrote:

> -u "www.target.com/vuln?string=the" --tamper=space2comment
>
> bye
>
> p.s. please don't use any SQLi inside provided parameter values
>

That fixed it, its been a while since I got SQLi on a job so was not
thinking properly.

Robin


> On Wed, Oct 1, 2014 at 11:17 AM, Robin Wood <robin@digi.ninja> wrote:
>
>> It was pointed out that I should be URL encoding the *s which removes
>> that as a problem but it still isn't quite working properly, probably
>> because of the spaces. Got limited time on this test so going to leave it
>> for now and will build a lab to look at it properly later.
>>
>> Robin
>>
>> On 1 October 2014 09:54, Robin Wood <robin@digi.ninja> wrote:
>>
>>> I've got the following vulnerable querystring value:
>>>
>>> string=the%%22/**/and/**/1=1/**/and/**/%22%%22=%22
>>>
>>> Where with 1=1 I get data back, 1=0 is false so no data.
>>>
>>> I can't use spaces which is why I've have to go for /**/.
>>>
>>> How do I tell sqlmap where the injection point is and to use /**/
>>> instead of spaces?
>>>
>>> Robin
>>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
>> Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
>> Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
>> Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
>>
>> http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
>> _______________________________________________
>> sqlmap-users mailing list
>> sqlmap-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>

------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to