Re: [sqlmap-users] Bug in sqlmap
From: Miroslav S. <mir...@gm...> - 2015-02-19 14:56:32
This has been replied to earlier. That "bug" was "neutralized".

Kind regards

On Thu, Jan 29, 2015 at 10:23 AM, sad fastfood <sad...@ma...> wrote:

> Hi!
> Thanks for the greatest tool!
> I've found some problem in latest revision of sqlmap.
> If you will run something like:
>
> sqlmap.py -u "http://www.google.com/news.php?id=5+OR+(4=4)" --skip-urlencode --random-agent --tamper=space2plus --technique=BSU -v 3 --dbms=mssql
>
> And answer 'y' here:
>
> [09:16:17] [WARNING] it appears that you have provided tainted parameter values ('id=5 OR (4=4)') with most probably leftover chars/statements from manual SQL injection test(s). Please, always use only valid parameter values so sqlmap could be able to run properly are you really sure that you want to continue (sqlmap could have problems)? [y/N]
>
> You'll get some output encoding problem:
>
> [Gw:bM:bw] [dLf4Q] ScuX1KRmE PXuhmWgc 'BBB.EXXE1c.jXg'
> [Gw:bM:NG] [T830] hcuhRmE jXmmcjhRXm hX hPc hWSEch 4yt
> [Gw:bM:Nb] [dLf4Q] icj1WSci BcA sWEc jPWSuch '9hI-2'
> [Gw:bM:Nb] [dLf4Q] EXh Hppo cSSXS jXic: FGG (fWi ycx9cuh)
> [Gw:bM:Nb] [Zry8T8Q] hPc BcA ucSKcS ScusXmici BRhP Wm Hppo cSSXS jXic (FGG) BPRjP jX91i RmhcSIcSc BRhP hPc Scu91hu XI hPc hcuhu
>
> Printscreen attached.
> In older versions (tested on something like november 2014 version) there is
> no such a problem.
>
> And also:
> checkWAF() function now calling every time you run sqlmap. But you really
> don't need that. Because of this in case there is WAF you'll get timeout
> every time you run sqlmap on the same target or may even get ip-ban.
> I think old variant with --check-waf option is much better.
>
> Thank you!

--
Miroslav Stampar
http://about.me/stamparm