Re: [sqlmap-users] PAYLOAD_DELIMITER replace bug?
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] PAYLOAD_DELIMITER replace bug?
|
From: Andres R. <and...@gm...> - 2013-10-23 15:56:19
|
All right, thanks! :) On Wed, Oct 23, 2013 at 12:20 PM, Miroslav Stampar <mir...@gm...> wrote: > Hi Andres. > > Expect a fix ASAP (<1 hour). > > Bye > > On Oct 23, 2013 5:18 PM, "Andres Riancho" <and...@gm...> wrote: >> >> I'm capturing sqlmap's traffic using burp and I see: >> >> >> %5C_%5C_PAYLOAD%5C_DELIMITER%5C_%5C_frmContact%5C%22%5C%29%5C%29%5C%29%5C%20RLIKE%5C%20%5C%28SELECT%5C%20%5C%28CASE%5C%20WHEN%5C%20%5C%282371%5C=2371%5C%29%5C%20THEN%5C%200x66726d436f6e74616374%5C%20ELSE%5C%200x28%5C%20END%5C%29%5C%29%5C%20AND%5C%20%5C%28%5C%28%5C%28%5C%22aruB%5C%22%5C%20LIKE%5C%20%5C%22aruB%5C_%5C_PAYLOAD%5C_DELIMITER%5C_%5C_ >> >> Decoded: >> >> \_\_PAYLOAD\_DELIMITER\_\_frmContact\"\)\)\)\ RLIKE\ \(SELECT\ \(CASE\ >> WHEN\ \(2371\=2371\)\ THEN\ 0x66726d436f6e74616374\ ELSE\ 0x28\ END\)\)\ >> AND\ \(\(\(\"aruB\"\ LIKE\ \"aruB\_\_PAYLOAD\_DELIMITER\_\_ >> >> I suspect that PAYLOAD_DELIMITER was intended to be replaced before >> being sent? >> >> Also, what's with all the %5C? There is also a strange thing in this >> request "RLIKE", which I suppose should be "OR LIKE" ? >> >> sqlmap/1.0-dev-28529a9 >> >> >> ------------------------------------------------------------------------------ >> October Webinars: Code for Performance >> Free Intel webinars can help you accelerate application performance. >> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most >> from >> the latest Intel processors and coprocessors. See abstracts and register > >> >> http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 |
