Re: [sqlmap-users] PAYLOAD_DELIMITER replace bug?
From: Miroslav S. <mir...@gm...> - 2013-10-23 16:09:02
It should be fixed now :)

Bye

On Wed, Oct 23, 2013 at 5:55 PM, Andres Riancho <and...@gm...> wrote:

> All right, thanks! :)
>
> On Wed, Oct 23, 2013 at 12:20 PM, Miroslav Stampar
> <mir...@gm...> wrote:
> > Hi Andres.
> >
> > Expect a fix ASAP (<1 hour).
> >
> > Bye
> >
> > On Oct 23, 2013 5:18 PM, "Andres Riancho" <and...@gm...> wrote:
> >>
> >> I'm capturing sqlmap's traffic using burp and I see:
> >>
> >> %5C_%5C_PAYLOAD%5C_DELIMITER%5C_%5C_frmContact%5C%22%5C%29%5C%29%5C%29%5C%20RLIKE%5C%20%5C%28SELECT%5C%20%5C%28CASE%5C%20WHEN%5C%20%5C%282371%5C=2371%5C%29%5C%20THEN%5C%200x66726d436f6e74616374%5C%20ELSE%5C%200x28%5C%20END%5C%29%5C%29%5C%20AND%5C%20%5C%28%5C%28%5C%28%5C%22aruB%5C%22%5C%20LIKE%5C%20%5C%22aruB%5C_%5C_PAYLOAD%5C_DELIMITER%5C_%5C_
> >>
> >> Decoded:
> >>
> >> \_\_PAYLOAD\_DELIMITER\_\_frmContact\"\)\)\)\ RLIKE\ \(SELECT\ \(CASE\
> >> WHEN\ \(2371\=2371\)\ THEN\ 0x66726d436f6e74616374\ ELSE\ 0x28\ END\)\)\
> >> AND\ \(\(\(\"aruB\"\ LIKE\ \"aruB\_\_PAYLOAD\_DELIMITER\_\_
> >>
> >> I suspect that PAYLOAD_DELIMITER was intended to be replaced before
> >> being sent?
> >>
> >> Also, what's with all the %5C? There is also a strange thing in this
> >> request "RLIKE", which I suppose should be "OR LIKE" ?
> >>
> >> sqlmap/1.0-dev-28529a9
>
> --
> Andrés Riancho
> Project Leader at w3af - http://w3af.org/
> Web Application Attack and Audit Framework
> Twitter: @w3af
> GPG: 0x93C344F3

--
Miroslav Stampar
http://about.me/stamparm