Re: [sqlmap-users] UNHEX vs 0x in MySQL/MariaDB
From: Miroslav S. <mir...@gm...> - 2018-05-30 13:49:55
Hi.

Just added a new tamper script to the HEAD. Please update and try --tamper=0x2char

P.S. There is no need for unhex (as you'll see by running this new tamper script)

Kind regards,
Miroslav Stampar

On Wed, May 30, 2018 at 12:49 PM, Brandon Perry <bpe...@gm...> wrote:

> I've come across a SQL injection that uppercases the input, so that 0xaaaa
> becomes 0XAAAA. This isn't a valid hex value in MySQL since 0X is required
> to use a lowercase x. I attempted to use a quick --eval argument to change
> the syntax from 0x to X'', but the single quotes in the X'' syntax end up
> being escaped with double slashes so the syntax is still broken (X'' ->
> X\\'\\').
>
> What are the chances a different encoding using UNHEX and CONCAT could be
> used instead of 0x when using BENCHMARK?
>
> For instance:
>
> BENCHMARK(5000000,MD5(0xaaaa))
>
> Could be rewritten as:
>
> BENCHMARK(5000000,MD5(UNHEX(CONCAT(CHAR(65),CHAR(65),CHAR(65),CHAR(65)))))
>
> Perhaps this is attainable with a tamper script and I am missing it? This
> would prevent the application from breaking the SQL syntax by changing 0x
> to 0X.
>
> Any thoughts are appreciated!

--
Miroslav Stampar
http://about.me/stamparm
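
For the defensive side of the thread above: because the same byte string can be spelled as 0xaaaa, X'AAAA' or UNHEX(CONCAT(CHAR(65),...)), a detection rule written against one spelling misses the others unless the query text is canonicalized first. The following is an added example, not part of the original messages and not sqlmap code; the function names, the sample signature and the test strings are constructed assumptions.

```python
import re

HEX = r"0x((?:[0-9a-fA-F]{2})+)"  # lowercase "0x" only, as the thread notes for MySQL

def _char(m):
    # CHAR(65,66) -> 0x4142; arguments above 255 (multi-byte) are left as-is
    nums = [int(n) for n in m.group(1).split(",")]
    return "0x" + bytes(nums).hex() if max(nums) < 256 else m.group(0)

def _concat(m):
    # CONCAT(0x41,0x41) -> 0x4141
    return "0x" + "".join(re.findall(HEX, m.group(1))).lower()

def _unhex(m):
    # UNHEX(0x41414141): the argument is the text 'AAAA', which decodes to 0xaaaa
    text = bytes.fromhex(m.group(1)).decode("latin-1")
    ok = re.fullmatch(r"(?:[0-9a-fA-F]{2})+", text)
    return "0x" + text.lower() if ok else m.group(0)

def _lower(m):
    return "0x" + m.group(1).lower()

RULES = [
    (re.compile(r"\b[xX]'((?:[0-9a-fA-F]{2})+)'"), _lower),                  # X'aaaa'
    (re.compile(r"(?i:\bUNHEX)\(\s*'((?:[0-9a-fA-F]{2})+)'\s*\)"), _lower),  # UNHEX('aaaa')
    (re.compile(r"(?i:\bCHAR)\(\s*(\d+(?:\s*,\s*\d+)*)\s*\)"), _char),
    (re.compile(r"(?i:\bCONCAT)\(\s*(" + HEX + r"(?:\s*,\s*" + HEX + r")*)\s*\)"), _concat),
    (re.compile(r"(?i:\bUNHEX)\(\s*" + HEX + r"\s*\)"), _unhex),
    (re.compile(r"\b" + HEX + r"\b"), _lower),                               # 0xAAAA -> 0xaaaa
]

def canonicalize(sql):
    """Fold equivalent byte-string spellings into one lowercase 0x literal."""
    prev = None
    while prev != sql:  # repeat so nested calls fold from the inside out
        prev = sql
        for rx, repl in RULES:
            sql = rx.sub(repl, sql)
    return sql

# Constructed sample rule (an assumption, not from the thread): a large
# BENCHMARK() count wrapped around MD5 of a hex literal.
SIGNATURE = re.compile(r"(?i)\bBENCHMARK\(\s*\d{6,}\s*,\s*MD5\(0x[0-9a-f]+\)\s*\)")

def flags(sql):
    return bool(SIGNATURE.search(canonicalize(sql)))
```

The canonicalizer works on raw text and does not track SQL string quoting, so it is suited to log triage rather than to deciding what a query means.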