Re: [sqlmap-users] double quite problem
From: Miroslav S. <mir...@gm...> - 2013-03-10 08:38:38
Hi.

It's not filtered by sqlmap but by the OS command prompt. Which OS do you use? Have you tried to echo that prefix string (e.g. echo "...) to see what's happening?

Kind regards,
Miroslav Stampar

On 10.3.2013 at 09:19, "lars peters" <lar...@ma...> wrote:

> hello
>
> i am trying to test a web app with injection in the x-forwarded-for header
> and sqlmap filters out the injection chars.
>
> the injection is 1"' or 1'" and sqlmap changes to 1' or 1"
>
> sqlmap.py -u "http://www.testing/vuln/" --prefix=" ' " "
> --headers="x-forwarded-for: *" <---is filtered
>
> sqlmap.py -u "http://www.testing/vuln/" --prefix=" " "
> --headers="x-forwarded-for: * " " <---is filtered
>
> i put the spaces there to see.
>
> is there a fix for this?
>
> regards lars
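
Added example, not part of the original thread: a Python sketch that uses the standard `shlex` module to show which arguments a program receives from the two command lines in the question, and how to quote a value containing both quote characters so that it arrives unchanged. It assumes a POSIX shell (the thread does not say which OS is in use) and that each wrapped command was typed on one line; the helper names and the sample value are illustrative.

```python
import shlex

# The two command lines from the question, each joined onto one line (assumption).
POSTED_1 = '''sqlmap.py -u "http://www.testing/vuln/" --prefix=" ' " " --headers="x-forwarded-for: *"'''
POSTED_2 = '''sqlmap.py -u "http://www.testing/vuln/" --prefix=" " " --headers="x-forwarded-for: * " "'''


def argv_seen(cmdline):
    """Arguments a POSIX shell would pass on, or None if the quotes are unbalanced.

    shlex applies POSIX quoting rules only; it does not expand globs or variables.
    """
    try:
        return shlex.split(cmdline)
    except ValueError:  # raised for "No closing quotation"
        return None


def option_value(argv, name):
    """Value of the first --name=value argument, or None if no argument matches."""
    start = name + "="
    for arg in argv or []:
        if arg.startswith(start):
            return arg[len(start):]
    return None


def quoted_option(name, value):
    """One shell word that delivers name=value to the program byte for byte."""
    return shlex.quote(name + "=" + value)


if __name__ == "__main__":
    for line in (POSTED_1, POSTED_2):
        print(argv_seen(line))
    wanted = "'\""  # constructed sample value containing both quote characters
    fixed = "sqlmap.py " + quoted_option("--prefix", wanted)
    print(fixed, "->", repr(option_value(argv_seen(fixed), "--prefix")))
```

The first posted line leaves a quote open, so a shell would wait for more input; in the second, the double quotes are consumed as delimiters, the prefix arrives as a single space and no argument begins with `--headers=`.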