Re: [sqlmap-users] %26 as part of a POST parameter name on MS Windows
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] %26 as part of a POST parameter name on MS Windows
|
From: Iago S. <146...@gm...> - 2011-11-21 19:40:06
|
What is the fld? On Mon, Nov 21, 2011 at 10:30 AM, Bob Simonoff <bo...@si...>wrote: > ** > > I have been asked to test a web site for SQL injection. The website uses > POST and the parameter names all have the 3 characters %26 (percent 26) as > a separator. This makes thinks difficult, since I am running sqlmap from > windows. First windows is trying to substitute %2 as the second argument > of the command line, but python is also at play here. I have not found an > escape sequence that allows both windows and python to be happy. I have > tried various combinations of ^, \, and %% to no avail. > > So an example of post data would be: > --data="fld%26First=Bob&fld%26Last=Jones" > > Can anyone provide a recommendation? > > Thanks > Bob > > Apologies if this appears twice, I had trouble with my subscription > > > ------------------------------------------------------------------------------ > All the data continuously generated in your IT infrastructure > contains a definitive record of customers, application performance, > security threats, fraudulent activity, and more. Splunk takes this > data and makes sense of it. IT sense. And common sense. > http://p.sf.net/sfu/splunk-novd2d > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Iago Sousa |
