Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
difference with FORM POST and LIVE HTTP HEADERS
Posted by: jammy99
Date: May 28, 2013 10:12PM

I have a website with sql injection in POST parameters

So when i enter my query like

13+AND+1=1

then + is encoded to its hex %2b
and = is encoded to its hex %3d

but when i use same query with live http headers then its not encoded, why so?

so how can i post parameters without encoding?

Options: ReplyQuote
Re: difference with FORM POST and LIVE HTTP HEADERS
Posted by: ajkaro
Date: May 29, 2013 06:14AM

using + in hackbar post option doesn't work for me. It works in Live HTTP Header. Si I delete all + from my commands when using hackbar post data.

Options: ReplyQuote
Re: difference with FORM POST and LIVE HTTP HEADERS
Posted by: jammy99
Date: May 29, 2013 02:12PM

yes i see this what you said.
thanks bro

Options: ReplyQuote


Sorry, only registered users may post in this forum.