agartha
Suggestion regarding the SQLi payloads
While most of the payloads have a space after the comment (--), this apparently doesn't work for header-based SQLis (MySQL context), since the server wouldn't decode the space if it's URL-encoded; also, it wouldn't parse it as a space. I believe in most cases that space gets stripped before it reaches the query. You can use (#) or add a string after (--), for instance \n;select sleep(120) -- Qxxff
For some reason, adding a string after the space makes the web server parse the space as intended and pass it to the query.
Thanks for your feedback, I will do a proper implementation in the next release.