Re: [sqlmap-users] use blind SQL injection without some characters due to a WAF
From: <wh...@po...> - 2013-01-18 12:32:44
Hi Miroslav,

RTFM ;-) that did the trick, thanks!

Chris

Miroslav Stampar <mir...@gm...> wrote on 18 January 2013 at 13:28:

> Hi.
>
> Try with --tamper=between.
>
> Kind regards,
> Miroslav Stampar
>
> p.s. It's actually Python, not Perl
>
> On 18.1.2013 at 13:19, "wh...@po..." <wh...@po...> wrote:
>
> > Hi all,
> >
> > my current test is a web application that redirects me to a generic page,
> > whenever < or > is present in a parameter - before the query gets to the
> > application logic.
> > The application is injectable with a blind injection (MSSQL, proven by
> > manual checking and also found by sqlmap). But if I try e.g. --current-user,
> > sqlmap uses a query
> > with greater than ">" in the where clause :-(
> >
> > Is it possible to use other queries (like only "=" or "!=" or contains)?
> > I'm too lazy to program this myself - or try to understand the perl -
> > programs I used ages ago ;-)
> >
> > Kind regards,
> >
> > Chris
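The defensive lesson of this exchange, as an added example that is not part of the original thread or of sqlmap: a front-end filter that rejects `<` and `>` still lets an equivalent comparison written with NOT BETWEEN through, whereas binding the parameter removes the injection itself. It assumes SQLite as a stand-in for the MSSQL back end; the table, function names and inputs are constructed for illustration.

```python
import sqlite3

BLOCKED = ("<", ">")  # characters the filter described in the thread rejects

def filter_allows(value):
    """Character blocklist applied before the application logic."""
    return not any(ch in value for ch in BLOCKED)

def make_db():
    # Constructed sample data.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)", [(1, "alpha"), (2, "beta")])
    return db

def lookup_concat(db, item_id):
    """Vulnerable form: the parameter becomes part of the SQL text."""
    return db.execute("SELECT name FROM items WHERE id = " + item_id).fetchall()

def lookup_param(db, item_id):
    """Hardened form: the parameter is bound as data and never parsed as SQL."""
    return db.execute("SELECT name FROM items WHERE id = ?", (item_id,)).fetchall()

# Constructed inputs: the same boolean test with and without '>'.
WITH_GT = "1 AND 2 > 1"
TRUE_COND = "1 AND 2 NOT BETWEEN 0 AND 1"
FALSE_COND = "1 AND 1 NOT BETWEEN 0 AND 1"

def demo():
    db = make_db()
    return {
        "gt_blocked": not filter_allows(WITH_GT),
        "between_passes_filter": filter_allows(TRUE_COND),
        # Concatenated query: the page content depends on the injected condition,
        # which is exactly the signal a blind injection relies on.
        "concat_true": lookup_concat(db, TRUE_COND),
        "concat_false": lookup_concat(db, FALSE_COND),
        # Bound parameter: the whole string is compared to id and matches nothing.
        "param_payload": lookup_param(db, TRUE_COND),
        "param_legit": lookup_param(db, "1"),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```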