[sqlmap-users] Bug in sqlmap
From: sad f. <sad...@ma...> - 2015-01-29 09:23:37
Hi!

Thanks for the greatest tool!

I've found a problem in the latest revision of sqlmap.

If you run something like:

sqlmap.py -u "http://www.google.com/news.php?id=5+OR+(4=4)" --skip-urlencode --random-agent --tamper=space2plus --technique=BSU -v 3 --dbms=mssql

And answer 'y' here:

[09:16:17] [WARNING] it appears that you have provided tainted parameter values ('id=5 OR (4=4)') with most probably leftover chars/statements from manual SQL injection test(s). Please, always use only valid parameter values so sqlmap could be able to run properly
are you really sure that you want to continue (sqlmap could have problems)? [y/N]

You'll get an output encoding problem:

[Gw:bM:bw] [dLf4Q] ScuX1KRmE PXuhmWgc 'BBB.EXXE1c.jXg'
[Gw:bM:NG] [T830] hcuhRmE jXmmcjhRXm hX hPc hWSEch 4yt
[Gw:bM:Nb] [dLf4Q] icj1WSci BcA sWEc jPWSuch '9hI-2'
[Gw:bM:Nb] [dLf4Q] EXh Hppo cSSXS jXic: FGG (fWi ycx9cuh)
[Gw:bM:Nb] [Zry8T8Q] hPc BcA ucSKcS ScusXmici BRhP Wm Hppo cSSXS jXic (FGG) BPRjP jX91i RmhcSIcSc BRhP hPc Scu91hu XI hPc hcuhu

Printscreen attached.

In older versions (tested on something like the November 2014 version) there is no such problem.

And also:

The checkWAF() function is now called every time you run sqlmap. But you really don't need that. Because of this, if there is a WAF you'll get a timeout every time you run sqlmap on the same target, or may even get an IP ban.

I think the old variant with the --check-waf option is much better.

Thank you!