Re: [sqlmap-users] How to avoid union filter?
From: David G. <sk...@gm...> - 2010-04-22 16:12:35
What type of filter is used? Does it remove certain words and execute the query, or simply not run anything at all?

I've come across a filter that removed certain words from parameters passed by users, such as UNION, SELECT, DROP, ALTER, UPDATE, and comments like "--" or "/*". To get around it, I used this:

http://www.site.com/vuln.php?id=323 UN--ION A--LL SELE--CT 1,2,3 FRO--M table

The query was filtered 1x and resulted in the following expression:

http://www.site.com/vuln.php?id=323 UNION ALL SELECT 1,2,3 FROM table

Hope this helps. =)

On Thu, Apr 22, 2010 at 2:01 PM, Pagera <pag...@gm...> wrote:
> hello
>
> is there any way to avoid server filter? like filtering union or select
> in the URL?
>
> coz sqlmap doesn't seem to work when there is a filtering
>
> thankx
>
> ------------------------------------------------------------------------------
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>

--
David Gomes Guimarães
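Why the single-pass filter described in the message is not a usable control, and what replaces it, as an added example that is not part of the original message or of sqlmap. The filter is a hypothetical model built from the description above; the `items` table, the function names and the sqlite3 backend are assumptions.

```python
import re
import sqlite3

# Hypothetical model of the filter described in the message: one pass that
# deletes blacklisted keywords and comment markers before the query runs.
BLACKLIST = re.compile(r"UNION|SELECT|DROP|ALTER|UPDATE|--|/\*", re.IGNORECASE)

def strip_once(value: str) -> str:
    """Single-pass blacklist removal (the weak control)."""
    return BLACKLIST.sub("", value)

def is_stable(value: str) -> bool:
    """True when filtering changes nothing, i.e. no blacklisted token is present."""
    return strip_once(value) == value

def parse_id(value: str) -> int:
    """Hardened handling: the parameter must be a plain decimal integer."""
    if not re.fullmatch(r"[0-9]{1,9}", value):
        raise ValueError("id must be a decimal integer")
    return int(value)

def fetch_item(db: sqlite3.Connection, raw_id: str):
    """Parameterized query: the value is bound, never spliced into the SQL text."""
    row_id = parse_id(raw_id)
    return db.execute("SELECT name FROM items WHERE id = ?", (row_id,)).fetchone()

def demo_db() -> sqlite3.Connection:
    """In-memory database with constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO items VALUES (323, 'widget')")
    return db

# Parameter value quoted in the message above.
SAMPLE = "323 UN--ION A--LL SELE--CT 1,2,3 FRO--M table"

if __name__ == "__main__":
    filtered = strip_once(SAMPLE)
    print("after one pass:", filtered)
    # The filter's own output still matches its blacklist, so removal is not a fixed point.
    print("output is stable:", is_stable(filtered))
    print("valid id lookup:", fetch_item(demo_db(), "323"))
    try:
        fetch_item(demo_db(), SAMPLE)
    except ValueError as exc:
        print("rejected before reaching SQL:", exc)
```

Type validation plus a bound parameter removes the need for any keyword blacklist, because the input never becomes part of the SQL text.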