Re: [sqlmap-users] %26 as part of a POST parameter name on MS Windows
From: Brandon P. <bpe...@gm...> - 2011-11-21 19:45:51
You may also grab a copy of the free edition of BurpSuite, record the POST response, and save that to a file. Then use the -r flag and pass the burp response to sqlmap. Will be easier to work with.

On Mon, Nov 21, 2011 at 1:44 PM, Brandon Perry <bpe...@gm...> wrote:
> I would say just use a virtual machine. Grab a copy of backtrack,
> update sqlmap, and start from there.
>
> VirtualBox is a free, open source virtualization suite that runs on
> windows. You will have a much better time interacting with sqlmap.
>
> On Mon, Nov 21, 2011 at 1:39 PM, Iago Sousa <146...@gm...> wrote:
>> What is the fld?
>>
>> On Mon, Nov 21, 2011 at 10:30 AM, Bob Simonoff <bo...@si...>
>> wrote:
>>>
>>> I have been asked to test a web site for SQL injection. The website uses
>>> POST and the parameter names all have the 3 characters %26 (percent 26) as a
>>> separator. This makes things difficult, since I am running sqlmap from
>>> windows. First windows is trying to substitute %2 as the second argument of
>>> the command line, but python is also at play here. I have not found an
>>> escape sequence that allows both windows and python to be happy. I have
>>> tried various combinations of ^, \, and %% to no avail.
>>>
>>> So an example of post data would be:
>>> --data="fld%26First=Bob&fld%26Last=Jones"
>>>
>>> Can anyone provide a recommendation?
>>>
>>> Thanks
>>> Bob
>>>
>>> Apologies if this appears twice, I had trouble with my subscription
>>
>> --
>> Iago Sousa

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
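
The request-file approach for -r suggested above, as an added example that is not part of the original messages: it writes the raw POST request to a file so the %26 in the parameter names never passes through the Windows command line. The host target.example, the path /form, the file name request.txt and all function names are assumptions; only the field names and values come from the thread.

```python
# Added example (not from the thread): build a raw HTTP request file for sqlmap -r
# so that no percent sign has to survive cmd.exe or batch-file expansion.
from urllib.parse import quote, parse_qsl


def encode_body(fields):
    """Percent-encode every name and value; '&' inside a name becomes %26."""
    return "&".join(
        f"{quote(name, safe='')}={quote(value, safe='')}" for name, value in fields
    )


def decoded_names(body):
    """Parameter names as the server sees them after URL-decoding the body."""
    return [name for name, _ in parse_qsl(body, keep_blank_values=True)]


def build_request(host, path, fields):
    """Return the raw request text (CRLF line endings) for a form POST."""
    body = encode_body(fields)
    lines = [
        f"POST {path} HTTP/1.1",
        f"Host: {host}",
        "Content-Type: application/x-www-form-urlencoded",
        f"Content-Length: {len(body.encode('ascii'))}",
        "",  # blank line separates headers from body
        body,
    ]
    return "\r\n".join(lines)


def write_request_file(filename, host, path, fields):
    # newline="" stops Python on Windows from turning \r\n into \r\r\n
    with open(filename, "w", newline="") as fh:
        fh.write(build_request(host, path, fields))
    return filename


# Constructed sample: field names/values from the thread, decoded form.
SAMPLE_FIELDS = [("fld&First", "Bob"), ("fld&Last", "Jones")]

if __name__ == "__main__":
    # Host and path are placeholders (assumptions), not values from the thread.
    write_request_file("request.txt", "target.example", "/form", SAMPLE_FIELDS)
    # Then run: sqlmap -r request.txt
```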