0x00 Preface
Recently, while doing penetration testing, I have hit no big pitfalls but a constant stream of small ones, all of them errors caused by overlooked details. Today I ran into another small problem and spent a while debugging before I found that it was an encoding problem. So the details determine success or failure.
0x01 Problem
I encountered an injection during security testing, and sqlmap also successfully ran out into the
But when I used the browser to test the injection manually, I found that there was no injection.
With a problem-solving mindset, I used sqlmap -v 5 to view the details of the packets actually being sent.
The %25 immediately caught my eye, and I understood at once: when the browser transmits the request, a % is not sent as a literal %, and the URL-encoded value of % is %25.
I tested in the browser again, replacing % with %25
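The encoding behaviour described above, as an added example that is not part of the original post: it uses Python's urllib.parse to show what a server-side decoder does with a raw % versus %25, and flags every % in a hand-typed URL component. The sample value report%2021 and the helper names are constructed for illustration.

```python
import re
from urllib.parse import quote, unquote

# A % followed by two hex digits is an escape; anything else is a bare %.
_ESCAPE = re.compile(r"%([0-9A-Fa-f]{2})?")


def server_view(raw_component: str) -> str:
    """Return the value the application sees after URL-decoding."""
    return unquote(raw_component)


def encode_component(value: str) -> str:
    """Percent-encode a value for a query string; a literal % becomes %25."""
    return quote(value, safe="")


def classify_percents(raw_component: str):
    """List every % in a raw URL component and what a decoder does with it."""
    findings = []
    for m in _ESCAPE.finditer(raw_component):
        if m.group(1) is None:
            kind = "malformed"        # bare %, handling depends on the decoder
        elif m.group(1) == "25":
            kind = "literal-percent"  # decodes to a real % character
        else:
            kind = "decoded"          # silently becomes another character
        findings.append((m.start(), m.group(0), kind))
    return findings


def survives_round_trip(value: str, raw_component: str) -> bool:
    """True if the server ends up with exactly the value the tester intended."""
    return server_view(raw_component) == value


if __name__ == "__main__":
    intended = "report%2021"  # constructed sample: the % is meant literally
    typed_raw = intended      # typed into the address bar unchanged
    encoded = encode_component(intended)
    for label, raw in (("raw", typed_raw), ("encoded", encoded)):
        print(label, repr(raw), "->", repr(server_view(raw)),
              classify_percents(raw), survives_round_trip(intended, raw))
```

When a manual test disagrees with a tool, running the hand-typed parameter through classify_percents shows which % characters will be consumed by decoding before the application sees them.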
0x02 Summary
Details, details: the details determine success or failure, and the problem itself was a stupid one.
A small detail of URL encoding