Re: [sqlmap-users] PAYLOAD_DELIMITER replace bug?
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] PAYLOAD_DELIMITER replace bug?
|
From: Miroslav S. <mir...@gm...> - 2013-10-23 15:20:15
|
Hi Andres. Expect a fix ASAP (<1 hour). Bye On Oct 23, 2013 5:18 PM, "Andres Riancho" <and...@gm...> wrote: > I'm capturing sqlmap's traffic using burp and I see: > > > %5C_%5C_PAYLOAD%5C_DELIMITER%5C_%5C_frmContact%5C%22%5C%29%5C%29%5C%29%5C%20RLIKE%5C%20%5C%28SELECT%5C%20%5C%28CASE%5C%20WHEN%5C%20%5C%282371%5C=2371%5C%29%5C%20THEN%5C%200x66726d436f6e74616374%5C%20ELSE%5C%200x28%5C%20END%5C%29%5C%29%5C%20AND%5C%20%5C%28%5C%28%5C%28%5C%22aruB%5C%22%5C%20LIKE%5C%20%5C%22aruB%5C_%5C_PAYLOAD%5C_DELIMITER%5C_%5C_ > > Decoded: > > \_\_PAYLOAD\_DELIMITER\_\_frmContact\"\)\)\)\ RLIKE\ \(SELECT\ \(CASE\ > WHEN\ \(2371\=2371\)\ THEN\ 0x66726d436f6e74616374\ ELSE\ 0x28\ END\)\)\ > AND\ \(\(\(\"aruB\"\ LIKE\ \"aruB\_\_PAYLOAD\_DELIMITER\_\_ > > I suspect that PAYLOAD_DELIMITER was intended to be replaced before > being sent? > > Also, what's with all the %5C? There is also a strange thing in this > request "RLIKE", which I suppose should be "OR LIKE" ? > > sqlmap/1.0-dev-28529a9 > > > ------------------------------------------------------------------------------ > October Webinars: Code for Performance > Free Intel webinars can help you accelerate application performance. > Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most > from > the latest Intel processors and coprocessors. See abstracts and register > > http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > |
