Re: [sqlmap-users] querystrings with *'s and no spaces
From: Robin W. <ro...@di...> - 2014-10-01 09:17:44
It was pointed out that I should be URL encoding the *s which removes that as a problem but it still isn't quite working properly, probably because of the spaces.

Got limited time on this test so going to leave it for now and will build a lab to look at it properly later.

Robin

On 1 October 2014 09:54, Robin Wood <ro...@di...nja> wrote:

> I've got the following vulnerable querystring value:
>
> string=the%%22/**/and/**/1=1/**/and/**/%22%%22=%22
>
> Where with 1=1 I get data back, 1=0 is false so no data.
>
> I can't use spaces which is why I've had to go for /**/.
>
> How do I tell sqlmap where the injection point is and to use /**/ instead
> of spaces?
>
> Robin