Hi.
We must use concatenation in UNION injections, either with the '+' sign or
with the concat function (string unescaping and prepending/appending result
boundaries). Now, in the function approach the ',' sign could be a problem in
some other case, so that's not a solution for sure.
Either way, we would suggest that you use a manual approach. It is the optimal
solution, with the least headache.
Kind regards,
Miroslav Stampar
On Jul 15, 2012 11:48 AM, <du...@al...> wrote:
> I noticed that sqlmap is using '+' signs when doing union injection,
> and I can't seem to stop it from doing that (maybe there's a tamper
> script I missed?).
>
> So I have a scenario, where + is not allowed on the server.
>
>
> Thus the following payload works
>
> -579 UNION ALL SELECT 1 --
>
> While this one won't
>
> -579 UNION ALL SELECT
>
> CHAR(58)+CHAR(110)+CHAR(104)+CHAR(113)+CHAR(58)+CHAR(111)+CHAR(118)+CHAR(107)+CHAR(99)+CHAR(77)+CHAR(73)+CHAR(82)+CHAR(122)+CHAR(100)+CHAR(76)+CHAR(58)+CHAR(120)+CHAR(98)+CHAR(101)+CHAR(58)--
>
>
> Suggestions on how I could solve such a situation? :-)
>
>