hi Oso. there are some cases where character validation could cause problems like the one you've noticed. i won't go into details.
with the last revision (r4349) there should be a better way to handle this kind of cases. there will be 5 validation retries (incrementing time delay along the run) and if each of those retries fail last known value will be used as a final one (best solution for many reasons, including: it has the best probability to be "better" than the others, there is a great possibility - like in your case - that for some unknown reason there is a problem with the "validation" itself with the probably good value being infinitely revalidated for no reason). kr On Tue, Aug 16, 2011 at 6:11 AM, Oso Dog <osodog...@yahoo.com> wrote: > Hi there, I a new user of sqlmap and have run into a situation where sqlmap > indicates that it has found an injection point of a GET query parameter > using "Oracle AND time-based blind (heavy query - comment". I am able to use > the brute force method to enumerate the column names of a table but when I > try and do any other enumeration function, I get the following error > messages. I have used both my home and work network plus 2 different systems > and am using the most recent version from svn. > [ERROR] invalid character detected. retrying.. > [WARNING] increasing time delay to 2 seconds (due to invalid char) > I have let it run over night with the delay going up to 300 seconds but > still no luck. I am trying to figure out exactly what is causing this error > condition and if there is anything I can do on my end to resolve it? I have > also tried using the --text-only parameter. > thx. > O. > ------------------------------------------------------------------------------ > uberSVN's rich system and user administration capabilities and model > configuration take the hassle out of deploying and managing Subversion and > the tools developers use with it. Learn more about uberSVN and get a free > download at: http://p.sf.net/sfu/wandisco-dev2dev > > _______________________________________________ > sqlmap-users mailing list > sqlmap-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar (@stamparm) E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B ------------------------------------------------------------------------------ uberSVN's rich system and user administration capabilities and model configuration take the hassle out of deploying and managing Subversion and the tools developers use with it. Learn more about uberSVN and get a free download at: http://p.sf.net/sfu/wandisco-dev2dev _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
