Re: [sqlmap-users] PAYLOAD_DELIMITER replace bug?
From: Andres R. <and...@gm...> - 2013-10-23 17:26:25
Thanks! Now I'm getting better results ;)

On Wed, Oct 23, 2013 at 1:08 PM, Miroslav Stampar <mir...@gm...> wrote:
> It should be fixed now :)
>
> Bye
>
>
> On Wed, Oct 23, 2013 at 5:55 PM, Andres Riancho <and...@gm...>
> wrote:
>>
>> All right, thanks! :)
>>
>> On Wed, Oct 23, 2013 at 12:20 PM, Miroslav Stampar
>> <mir...@gm...> wrote:
>> > Hi Andres.
>> >
>> > Expect a fix ASAP (<1 hour).
>> >
>> > Bye
>> >
>> > On Oct 23, 2013 5:18 PM, "Andres Riancho" <and...@gm...>
>> > wrote:
>> >>
>> >> I'm capturing sqlmap's traffic using burp and I see:
>> >>
>> >> %5C_%5C_PAYLOAD%5C_DELIMITER%5C_%5C_frmContact%5C%22%5C%29%5C%29%5C%29%5C%20RLIKE%5C%20%5C%28SELECT%5C%20%5C%28CASE%5C%20WHEN%5C%20%5C%282371%5C=2371%5C%29%5C%20THEN%5C%200x66726d436f6e74616374%5C%20ELSE%5C%200x28%5C%20END%5C%29%5C%29%5C%20AND%5C%20%5C%28%5C%28%5C%28%5C%22aruB%5C%22%5C%20LIKE%5C%20%5C%22aruB%5C_%5C_PAYLOAD%5C_DELIMITER%5C_%5C_
>> >>
>> >> Decoded:
>> >>
>> >> \_\_PAYLOAD\_DELIMITER\_\_frmContact\"\)\)\)\ RLIKE\ \(SELECT\ \(CASE\ WHEN\ \(2371\=2371\)\ THEN\ 0x66726d436f6e74616374\ ELSE\ 0x28\ END\)\)\ AND\ \(\(\(\"aruB\"\ LIKE\ \"aruB\_\_PAYLOAD\_DELIMITER\_\_
>> >>
>> >> I suspect that PAYLOAD_DELIMITER was intended to be replaced before
>> >> being sent?
>> >>
>> >> Also, what's with all the %5C? There is also a strange thing in this
>> >> request "RLIKE", which I suppose should be "OR LIKE" ?
>> >>
>> >> sqlmap/1.0-dev-28529a9
>>
>> --
>> Andrés Riancho
>> Project Leader at w3af - http://w3af.org/
>> Web Application Attack and Audit Framework
>> Twitter: @w3af
>> GPG: 0x93C344F3
>
> --
> Miroslav Stampar
> http://about.me/stamparm

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
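The captured value from the thread above, taken apart step by step for anyone reviewing a similar proxy capture. This is an added example, not part of the original messages and not sqlmap's code; `analyze` and the result keys are hypothetical names, and the marker string is the one visible in the capture.

```python
import re
from urllib.parse import unquote

# Parameter value exactly as quoted in the original report.
CAPTURED = (
    "%5C_%5C_PAYLOAD%5C_DELIMITER%5C_%5C_frmContact%5C%22%5C%29%5C%29%5C%29"
    "%5C%20RLIKE%5C%20%5C%28SELECT%5C%20%5C%28CASE%5C%20WHEN%5C%20%5C%282371"
    "%5C=2371%5C%29%5C%20THEN%5C%200x66726d436f6e74616374%5C%20ELSE%5C%200x28"
    "%5C%20END%5C%29%5C%29%5C%20AND%5C%20%5C%28%5C%28%5C%28%5C%22aruB%5C%22"
    "%5C%20LIKE%5C%20%5C%22aruB%5C_%5C_PAYLOAD%5C_DELIMITER%5C_%5C_"
)

# Marker text as it appears in the decoded capture once backslashes are removed.
MARKER = "__PAYLOAD_DELIMITER__"


def analyze(raw):
    """Decode a captured parameter value and report what leaked into it."""
    # Step 1: percent-decoding. %5C is a backslash, %20 a space, %22 a quote.
    decoded = unquote(raw)
    # Step 2: which characters carry a backslash in front of them?
    escaped_chars = sorted(set(re.findall(r"\\(.)", decoded)))
    # Step 3: drop the backslash escapes to recover the underlying text.
    unescaped = re.sub(r"\\(.)", r"\1", decoded)
    # Step 4: a tool-internal marker should never reach the wire; count it.
    parts = unescaped.split(MARKER)
    payload = parts[1] if len(parts) == 3 else None
    # Step 5: decode 0x... literals so the values being compared are readable.
    hex_literals = {
        h: bytes.fromhex(h[2:]).decode("ascii", "replace")
        for h in re.findall(r"0x(?:[0-9a-fA-F]{2})+", unescaped)
    }
    return {
        "decoded": decoded,
        "escaped_chars": escaped_chars,
        "marker_count": len(parts) - 1,
        "payload": payload,
        "hex_literals": hex_literals,
    }


if __name__ == "__main__":
    for key, value in analyze(CAPTURED).items():
        print(f"{key}: {value!r}")
```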