[sqlmap-users] It seems that "+" is not allowed on server
From: <du...@al...> - 2012-07-15 09:47:37
I noticed that sqlmap is using '+' signs when doing union injection, and I can't seem to stop it from doing that (maybe there's a tamper script I missed?).

So I have a scenario where + is not allowed on the server. Thus the following payload works:

    -579 UNION ALL SELECT 1 --

While this one won't:

    -579 UNION ALL SELECT CHAR(58)+CHAR(110)+CHAR(104)+CHAR(113)+CHAR(58)+CHAR(111)+CHAR(118)+CHAR(107)+CHAR(99)+CHAR(77)+CHAR(73)+CHAR(82)+CHAR(122)+CHAR(100)+CHAR(76)+CHAR(58)+CHAR(120)+CHAR(98)+CHAR(101)+CHAR(58)--

Suggestions on how I could solve such a situation? :-)