Re: [sqlmap-users] Receiving invalid characters error message
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Receiving invalid characters error message
|
From: Miroslav S. <mir...@gm...> - 2011-08-16 06:55:13
|
hi Oso. there are some cases where character validation could cause problems like the one you've noticed. i won't go into details. with the last revision (r4349) there should be a better way to handle this kind of cases. there will be 5 validation retries (incrementing time delay along the run) and if each of those retries fail last known value will be used as a final one (best solution for many reasons, including: it has the best probability to be "better" than the others, there is a great possibility - like in your case - that for some unknown reason there is a problem with the "validation" itself with the probably good value being infinitely revalidated for no reason). kr On Tue, Aug 16, 2011 at 6:11 AM, Oso Dog <oso...@ya...> wrote: > Hi there, I a new user of sqlmap and have run into a situation where sqlmap > indicates that it has found an injection point of a GET query parameter > using "Oracle AND time-based blind (heavy query - comment". I am able to use > the brute force method to enumerate the column names of a table but when I > try and do any other enumeration function, I get the following error > messages. I have used both my home and work network plus 2 different systems > and am using the most recent version from svn. > [ERROR] invalid character detected. retrying.. > [WARNING] increasing time delay to 2 seconds (due to invalid char) > I have let it run over night with the delay going up to 300 seconds but > still no luck. I am trying to figure out exactly what is causing this error > condition and if there is anything I can do on my end to resolve it? I have > also tried using the --text-only parameter. > thx. > O. > ------------------------------------------------------------------------------ > uberSVN's rich system and user administration capabilities and model > configuration take the hassle out of deploying and managing Subversion and > the tools developers use with it. Learn more about uberSVN and get a free > download at: http://p.sf.net/sfu/wandisco-dev2dev > > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar (@stamparm) E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
