Re: [sqlmap-users] Not url-encoding POST-data possible?
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Not url-encoding POST-data possible?
|
From: Miroslav S. <mir...@gm...> - 2012-05-24 23:11:45
|
Hi Thomas. With the latest r5076 you'll get a new switch '--skip-urlencode' which tells sqlmap to skip URL encoding of POST data. Kind regards, Miroslav Stampar On Thu, May 24, 2012 at 11:56 AM, Miroslav Stampar < mir...@gm...> wrote: > Hi. > > There is no such option, but something will be done (e.g. > --skip-urlencode). Will keep you updated. > > Kind regards > On May 23, 2012 9:56 PM, "Thomas Schreiber" <ts...@go...> wrote: > >> Hi, >> >> can I tell sqlmap to not url-encode POST-data? >> >> In my case a php webservice complains about not getting a '<' as first >> character: >> >> Warning: simplexml_load_string(): Entity: line 1: parser error : Start >> tag expected, '<' not found in... >> Warning: simplexml_load_string(): %3Crequest... >> >> The reason is, that sqlmap sends the payload url-encoded: >> >> %3CRequest%3E%3CID%3E111*%3C/ID>%3C%2FRequest%3E >> >> Trying the same request in burp without urlencoding like this: >> >> <Request><ID>111*</ID></Request> >> >> does not produce the error >> >> Thanks! >> >> Thomas >> >> >> >> ------------------------------------------------------------------------------ >> Live Security Virtual Conference >> Exclusive live event will cover all the ways today's security and >> threat landscape has changed and how IT managers can respond. Discussions >> will include endpoint security, mobile security and the latest in malware >> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> > -- Miroslav Stampar http://about.me/stamparm |
