Adam,

On Sat, Nov 21, 2009 at 7:21 AM, Adam Baldwin <adam_bald...@ngenuity-is.com> wrote:
> I'm trying to add a new test / vector to w3af for sql injection. However
> the framework is making spaces in my statement "+"'s and the vector
> doesn't work when the statement is formatted like that. I can't find
> where that encoding is taking place. Anybody point me in the right
> direction?

That is URL encoding and shouldn't have anything to do with SQL. I mean... the Web programming framework should replace the + with ' ' just after receiving the information.

Just to answer your specific question, "urlencode()" in "encode_decode.py" could be the place to look for a "fix". Maybe a framework option could be added that indicates whether whitespace is encoded as + or "%20"?

Cheers,

> -Adam

--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
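
The two space encodings discussed in this thread, as an added example that is not part of the original messages and is not w3af's `encode_decode.py`. It uses Python 3's standard `urllib.parse`; the helper names and the sample value are hypothetical and constructed for illustration.

```python
from urllib.parse import urlencode, quote, quote_plus, parse_qs, unquote


def encode_query(params, space_as_plus=True):
    """Hypothetical helper: build a query string with a selectable space encoding.

    space_as_plus=True  -> form style, space becomes '+'
    space_as_plus=False -> percent style, space becomes '%20'
    A literal '+' in the data is always sent as '%2B' so it stays unambiguous.
    """
    quote_via = quote_plus if space_as_plus else quote
    return urlencode(params, quote_via=quote_via)


def decode_as_form(query):
    """Decode like a form/query-string parser: '+' and '%20' both mean space."""
    return {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}


def decode_percent_only(value):
    """Decode like a plain percent-decoder (no form semantics): '+' stays '+'."""
    return unquote(value)


# Constructed sample: one space and one literal plus sign.
SAMPLE = {"q": "a b+c"}


def demo():
    plus_form = encode_query(SAMPLE, space_as_plus=True)
    pct_form = encode_query(SAMPLE, space_as_plus=False)
    return {
        "plus_form": plus_form,
        "pct_form": pct_form,
        # A form-aware receiver recovers the same value from either encoding.
        "form_from_plus": decode_as_form(plus_form)["q"],
        "form_from_pct": decode_as_form(pct_form)["q"],
        # A receiver that only percent-decodes sees different values.
        "raw_from_plus": decode_percent_only(plus_form.split("=", 1)[1]),
        "raw_from_pct": decode_percent_only(pct_form.split("=", 1)[1]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:15} {value!r}")
```

The two encodings only diverge when the receiving component percent-decodes without applying form semantics, which is the case where a selectable encoding option matters.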