Re: [sqlmap-users] sqlmap error
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] sqlmap error
|
From: Bernardo D. A. G. <ber...@gm...> - 2009-06-24 14:12:46
|
Hi, On Mon, Jun 22, 2009 at 14:03, sql pirate<sql...@go...> wrote: > ... > ./sqlmap.py -u > "http://www.example.com/system/listinstances.nav?FORMULARNAME=listinstances&FORMULARSEGMENT=0&FLD_maxElementsListInstances=5&FLD_listInstancesOrderBy=1" > -p FLD_listInstancesOrderBy --string=rowHighSmall > --proxy=http://127.0.0.1:8080/ > --cookie="JSESSIONID=1RjDK1vK9NMkyJ7tWPWks9wTYyYz22h5pTQ2qTWVx6pQVhxC2nVg" > --delay=1 --prefix="%2b(select%20case%20when%201=1" > --postfix="then%201%20else%201/0%20end%20from%20dual)" --sql-query="select > 'bla' from dual" > ... > forgedPayload = payload % (expressionUnescaped, idx, limit) > ValueError: unsupported format character 'b' (0x62) at index 104 > ... Use latest sqlmap from subversion repository. Avoid uri encoding in --prefix and --postfix options' value. sqlmap uri encode the HTTP request parameters properly automatically. Cheers, -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobiles: +447788962949 (UK), +393493821385 (IT) PGP Key ID: 0x05F5A30F |
