Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: SQL injection question
From: ".Saphyr" <saphyr () infomaniak ch>
Date: Thu, 22 Jan 2004 09:07:12 +0100

: i tried to use %20, \20 etc.. but it don't seems to
: work

If your target is a mssql server, if you need spaces into your string
requests you can still use the SPACE function: 

SELECT * FROM users WHERE username = 'John'+SPACE(2)+'McLane'

What do you precisely need spaces for ?

Did you try simply using the '+' sign ?

.merlin



---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault