[sqlmap-users] Testing pages with "strange" characters
From: Miroslav S. <mir...@gm...> - 2010-12-29 15:20:59
Hi all.

I've stumbled upon a page with all Cyrillic chars, high match ratio (lots of JavaScript inside), and in normal situations you would normally use --string. But the problem was that I couldn't type a single Cyrillic character into the console (they were replaced with ???, and I wouldn't change my charset map just to type those in). In those cases --text-only is highly desirable and it helped a lot. No more --string was needed.

Also, I've realized that we've left a part in page processing where we've filtered out all those "strange" characters and replaced them with '?' - which probably made it harder to find "blind injectable" pages. So, with this latest fix, you'll be able to use the --string method with those "strange" chars (if you properly set your console), as in the page response there is no more replacing with '?'.

Also, for all of you 'lazy' ones, use --text-only wherever you stumble upon pages with strange charsets and with really minor changes in blind response.

Kind regards.

--
Miroslav Stampar
E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia
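The effect described in the message above, as an added illustration that is not part of the original post and is not sqlmap's code. It assumes Python's difflib ratio as a stand-in for a page-similarity measure; the two pages and all function names are constructed for the example.

```python
import difflib
import re

# Constructed sample pages: an identical, heavy script block plus a short
# Cyrillic message that is the only part differing between the two responses.
SCRIPT = "<script>" + "var a=1;function f(x){return x*2;}" * 20 + "</script>"
PAGE_TRUE = "<html><body>" + SCRIPT + "<p>Добро пожаловать</p></body></html>"
PAGE_FALSE = "<html><body>" + SCRIPT + "<p>Запись не найдена</p></body></html>"


def mask_non_ascii(page):
    """Replace every non-ASCII character with '?', as the old filtering did."""
    return "".join(c if ord(c) < 128 else "?" for c in page)


def text_only(page):
    """Drop script blocks and tags, keeping only the visible text."""
    page = re.sub(r"(?is)<script\b.*?</script>", "", page)
    return re.sub(r"<[^>]+>", "", page).strip()


def ratio(a, b):
    """Similarity in [0, 1]; autojunk is off so repeated script text counts."""
    return difflib.SequenceMatcher(None, a, b, autojunk=False).ratio()


def summary():
    """Compare the two responses under each kind of page processing."""
    return {
        "raw": ratio(PAGE_TRUE, PAGE_FALSE),
        "masked": ratio(mask_non_ascii(PAGE_TRUE), mask_non_ascii(PAGE_FALSE)),
        "text_only": ratio(text_only(PAGE_TRUE), text_only(PAGE_FALSE)),
        # A string marker can only be matched if the characters survive.
        "marker_in_raw": "Добро" in PAGE_TRUE,
        "marker_in_masked": "Добро" in mask_non_ascii(PAGE_TRUE),
    }


if __name__ == "__main__":
    for name, value in summary().items():
        print(name, value)
```

Masking pushes the two responses even closer together and destroys the string marker, while comparing visible text only makes the difference between them dominant.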