Re: [sqlmap-users] use blind SQL injection without some charactares due to a WAF

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Damn, I was too slow :)


Am 18.01.2013 13:28, schrieb Miroslav Stampar:
>
> Hi.
>
> Try with --tamper=between.
>
> Kind regards,
> Miroslav Stampar
>
> p.s. It's actually a Python, not Perl
>
> Dana 18.1.2013. 13:19 "wh...@po... <mailto:wh...@po...>"
> <wh...@po... <mailto:wh...@po...>> je napisao/la:
>
>     Hi all,
>      
>     my current test is a web application that redirects me to a
>     generic page, whenever < or > is present in a parameter - before
>     the query gets to the application logic.
>     The application is injectable with a blind injection (MSSQL,
>     proven by manual checking and also found by sqlmap). But if I try
>     e.g. --current-user, sqlmap uses a query
>     with greater than ">" in the where clause :-(
>      
>     Is it possible to use other queries  (like only "=" or "!=" or
>     contains)?
>     I'm to lazy to program this myself - or try to understand the perl
>     - programs I used ages ago ;-)
>      
>      
>     Kind regards,
>      
>     Chris
>
>     ------------------------------------------------------------------------------
>     Master HTML5, CSS3, ASP.NET <http://ASP.NET>, MVC, AJAX,
>     Knockout.js, Web API and
>     much more. Get web development skills now with LearnDevNow -
>     350+ hours of step-by-step video tutorials by Microsoft MVPs and
>     experts.
>     SALE $99.99 this month only -- learn more at:
>     http://p.sf.net/sfu/learnmore_122812
>     _______________________________________________
>     sqlmap-users mailing list
>     sql...@li...
>     <mailto:sql...@li...>
>     https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
>
> ------------------------------------------------------------------------------
> Master HTML5, CSS3, ASP.NET, MVC, AJAX, Knockout.js, Web API and
> much more. Get web development skills now with LearnDevNow -
> 350+ hours of step-by-step video tutorials by Microsoft MVPs and experts.
> SALE $99.99 this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_122812
>
>
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-