[sqlmap-users] Suffix bug and redirect handling
From: David T. <dav...@gm...> - 2011-05-23 15:17:31
Hi all,

I am new to the list, so can I first say a massive thank you to everybody that has contributed to the development of this tool; it is awesome.

I have come across a couple of issues with the current version of the tool.

First, trailing whitespace seems to be stripped from the end of --suffix parameters. I have a blind injection point that requires " -- " as a terminator. If I give the tool --suffix " -- ", this gets turned into "%20--" in the injection, which doesn't work since the trailing space is missing. I've worked around this by appending some extra non-space characters (--suffix " -- xx"), which works, but shouldn't be necessary.

And second, I don't quite understand how the redirect handling works. The same blind injection point I mention above is on a login page. If I don't try to inject, or if the injection equates to false, I get an HTTP 200 return code, with a "login failed" message. If the injection equates to true, the application 302's me to another page. I get the message "sqlmap got a 302 redirect to...", asking me if I want to re-target. In this instance, I don't want to choose a new target. I know the bsql vuln exists; I just want to use sqlmap to leverage it. However, if I hit enter to select the default (keep same target), sqlmap doesn't detect the injection point. I have also tried providing a --string parameter, but this doesn't affect the result.

Could we please have some way to blindly follow redirects, and compare the eventual result page to that retrieved for other injections?

Thanks again,
Dave