Re: [sqlmap-users] Not url-encoding POST-data possible?
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Not url-encoding POST-data possible?
|
From: Thomas S. <ts...@go...> - 2012-05-25 10:40:32
|
Miroslav, great! Makes me and my customer happy! Thomas Von: Miroslav Stampar [mailto:mir...@gm...] Gesendet: Freitag, 25. Mai 2012 01:12 An: Thomas Schreiber Cc: sql...@li... Betreff: Re: [sqlmap-users] Not url-encoding POST-data possible? Hi Thomas. With the latest r5076 you'll get a new switch '--skip-urlencode' which tells sqlmap to skip URL encoding of POST data. Kind regards, Miroslav Stampar On Thu, May 24, 2012 at 11:56 AM, Miroslav Stampar <mir...@gm...> wrote: Hi. There is no such option, but something will be done (e.g. --skip-urlencode). Will keep you updated. Kind regards On May 23, 2012 9:56 PM, "Thomas Schreiber" <ts...@go...> wrote: Hi, can I tell sqlmap to not url-encode POST-data? In my case a php webservice complains about not getting a '<' as first character: Warning: simplexml_load_string(): Entity: line 1: parser error : Start tag expected, '<' not found in... Warning: simplexml_load_string(): %3Crequest... The reason is, that sqlmap sends the payload url-encoded: %3CRequest%3E%3CID%3E111*%3C/ID>%3C%2FRequest%3E Trying the same request in burp without urlencoding like this: <Request><ID>111*</ID></Request> does not produce the error Thanks! Thomas ---------------------------------------------------------------------------- -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ sqlmap-users mailing list sql...@li... https://lists.sourceforge.net/lists/listinfo/sqlmap-users -- Miroslav Stampar http://about.me/stamparm |
