[sqlmap-users] %26 as part of a POST parameter name on MS Windows
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] %26 as part of a POST parameter name on MS Windows
|
From: Bob S. <bo...@si...> - 2011-11-21 12:24:35
|
I have been asked to test a web site for SQL injection. The website uses POST and the parameter names all have the 3 characters %26 (percent 26) as a separator. This makes thinks difficult, since I am running sqlmap from windows. First windows is trying to substitute %2 as the second argument of the command line, but python is also at play here. I have not found an escape sequence that allows both windows and python to be happy. I have tried various combinations of ^, \, and %% to no avail. So an example of post data would be: --data="fld%26First=Bob&fld%26Last=Jones" Can anyone provide a recommendation? Thanks Bob Apologies if this appears twice, I had trouble with my subscription |
