Thread: [sqlmap-users] PAYLOAD_DELIMITER replace bug?
From: Andres R. <and...@gm...> - 2013-10-23 15:17:46
I'm capturing sqlmap's traffic using burp and I see:

%5C_%5C_PAYLOAD%5C_DELIMITER%5C_%5C_frmContact%5C%22%5C%29%5C%29%5C%29%5C%20RLIKE%5C%20%5C%28SELECT%5C%20%5C%28CASE%5C%20WHEN%5C%20%5C%282371%5C=2371%5C%29%5C%20THEN%5C%200x66726d436f6e74616374%5C%20ELSE%5C%200x28%5C%20END%5C%29%5C%29%5C%20AND%5C%20%5C%28%5C%28%5C%28%5C%22aruB%5C%22%5C%20LIKE%5C%20%5C%22aruB%5C_%5C_PAYLOAD%5C_DELIMITER%5C_%5C_

Decoded:

\_\_PAYLOAD\_DELIMITER\_\_frmContact\"\)\)\)\ RLIKE\ \(SELECT\ \(CASE\ WHEN\ \(2371\=2371\)\ THEN\ 0x66726d436f6e74616374\ ELSE\ 0x28\ END\)\)\ AND\ \(\(\(\"aruB\"\ LIKE\ \"aruB\_\_PAYLOAD\_DELIMITER\_\_

I suspect that PAYLOAD_DELIMITER was intended to be replaced before being sent?

Also, what's with all the %5C? There is also a strange thing in this request "RLIKE", which I suppose should be "OR LIKE"?

sqlmap/1.0-dev-28529a9
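The captured value from the message above, taken apart step by step (an added example, not part of the original thread and not sqlmap's own code; the function names are hypothetical). It URL-decodes the parameter, undoes the backslash escaping, counts the __PAYLOAD_DELIMITER__ markers that reached the wire, and annotates the hex literals. RLIKE is MySQL's regular-expression match operator.

```python
import re
from urllib.parse import unquote

# Captured parameter value, copied from the first message of the thread.
CAPTURED = (
    "%5C_%5C_PAYLOAD%5C_DELIMITER%5C_%5C_frmContact%5C%22%5C%29%5C%29%5C%29"
    "%5C%20RLIKE%5C%20%5C%28SELECT%5C%20%5C%28CASE%5C%20WHEN%5C%20"
    "%5C%282371%5C=2371%5C%29%5C%20THEN%5C%200x66726d436f6e74616374"
    "%5C%20ELSE%5C%200x28%5C%20END%5C%29%5C%29%5C%20AND%5C%20"
    "%5C%28%5C%28%5C%28%5C%22aruB%5C%22%5C%20LIKE%5C%20%5C%22aruB"
    "%5C_%5C_PAYLOAD%5C_DELIMITER%5C_%5C_"
)
MARKER = "__PAYLOAD_DELIMITER__"  # marker text as it appears in the thread


def strip_backslash_escapes(text):
    """Replace each backslash-escaped character with the character itself."""
    return re.sub(r"\\(.)", r"\1", text, flags=re.S)


def annotate_hex_literals(sql):
    """Append the ASCII text of printable 0x... literals as a SQL comment."""
    def repl(match):
        digits = match.group(1)
        if len(digits) % 2:
            return match.group(0)
        raw = bytes.fromhex(digits)
        if all(32 <= b < 127 for b in raw):
            return "%s /* '%s' */" % (match.group(0), raw.decode("ascii"))
        return match.group(0)
    return re.sub(r"\b0x([0-9a-fA-F]+)\b", repl, sql)


def analyse(captured):
    """Decode a captured value and report what was sent on the wire."""
    decoded = unquote(captured)                  # %5C -> backslash, %20 -> space
    unescaped = strip_backslash_escapes(decoded)
    return {
        "backslashes": decoded.count("\\"),      # escapes added before sending
        "leaked_markers": unescaped.count(MARKER),
        "sql": annotate_hex_literals(unescaped.replace(MARKER, "")),
    }


if __name__ == "__main__":
    for key, value in analyse(CAPTURED).items():
        print("%s: %s" % (key, value))
```

The first hex literal is the parameter's original value and the second is a lone opening parenthesis, so the CASE expression hands RLIKE a different pattern depending on whether the 2371=2371 test holds.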
From: Miroslav S. <mir...@gm...> - 2013-10-23 15:20:15
Hi Andres.

Expect a fix ASAP (<1 hour).

Bye
From: Andres R. <and...@gm...> - 2013-10-23 15:56:19
All right, thanks! :)

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
From: Miroslav S. <mir...@gm...> - 2013-10-23 16:09:02
It should be fixed now :)

Bye

--
Miroslav Stampar
http://about.me/stamparm
From: Andres R. <and...@gm...> - 2013-10-23 17:26:25
Thanks! Now I'm getting better results ;)

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3