hi Oso.

there are some cases where character validation could cause problems
like the one you've noticed. i won't go into details.

with the last revision (r4349) there should be a better way to handle
this kind of cases. there will be 5 validation retries (incrementing
time delay along the run) and if each of those retries fail last known
value will be used as a final one (best solution for many reasons,
including: it has the best probability to be "better" than the others,
there is a great possibility - like in your case - that for some
unknown reason there is a problem with the "validation" itself with
the probably good value being infinitely revalidated for no reason).

kr

On Tue, Aug 16, 2011 at 6:11 AM, Oso Dog <osodog...@yahoo.com> wrote:
> Hi there, I a new user of sqlmap and have run into a situation where sqlmap
> indicates that it has found an injection point of a GET query parameter
> using "Oracle AND time-based blind (heavy query - comment". I am able to use
> the brute force method to enumerate the column names of a table but when I
> try and do any other enumeration function, I get the following error
> messages. I have used both my home and work network plus 2 different systems
> and am using the most recent version from svn.
>  [ERROR] invalid character detected. retrying..
>  [WARNING] increasing time delay to 2 seconds (due to invalid char)
> I have let it run over night with the delay going up to 300 seconds but
> still no luck.  I am trying to figure out exactly what is causing this error
> condition and if there is anything I can do on my end to resolve it? I have
> also tried using the --text-only parameter.
> thx.
> O.
> ------------------------------------------------------------------------------
> uberSVN's rich system and user administration capabilities and model
> configuration take the hassle out of deploying and managing Subversion and
> the tools developers use with it. Learn more about uberSVN and get a free
> download at:  http://p.sf.net/sfu/wandisco-dev2dev
>
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>



-- 
Miroslav Stampar (@stamparm)

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B

------------------------------------------------------------------------------
uberSVN's rich system and user administration capabilities and model 
configuration take the hassle out of deploying and managing Subversion and 
the tools developers use with it. Learn more about uberSVN and get a free 
download at:  http://p.sf.net/sfu/wandisco-dev2dev
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to