406 (Not acceptable )

[nsonaniya2010]

Hello,

When i try to exploit sql injection vulnerability with sqlmap.
Then at last it shows warning that,

"Warning. It appears thay some non alpha numeric characters (i.e. () and >) are filtered by the back-end server.
There is strong possibility that sqlmap would noy be able to properly exploit this vulnerbility"

And i also got debug that.
Too many 4xx and/or 5xx (406 not acceptable ) error code in every url sqlmap want to access.

Is there any tamper script to bypass this type ok waf or filter?

[stamparm]

Hardly. You can try --tamper=between.

[nsonaniya2010]

Tamper beetween doesn't work for it.
But i tried 3 tampers simultaneously

1. Modsecurityversioned
   2.between (optional)
   3 lowercase or uppercase or randomcase
   4.nonrecursivereplacement (highly recommended )

But the found 302 error.
In which it shows debug on every url
[DEBUG] there was a problem while retrieving redirect response content (timed out).
Any comments?

[MSkhaliq]

rNnTRbt=1 x=d'">

8Ogemu

[MSkhaliq]

rNnTRbt=1 x=d'">

Lb5Eq1

[MSkhaliq]

rNnTRbt=1 x=d'">

FzhFNI

[MSkhaliq]

rNnTRbt=1 x=d'">

BsuBt9

[MSkhaliq]

rNnTRbt=1 x=d'">

7hUTt8

[MSkhaliq]

rNnTRbt=1 x=d'">

a4JSVM

[MSkhaliq]

rNnTRbt=1 x=d'">

jnfdI6

[MSkhaliq]

rNnTRbt=1 x=d'">

1CD3Pm

[MSkhaliq]

rNnTRbt=1 x=d'">

2q7vdV