Hi Andres.
That strange part is actually a "heuristic" check. It's "injected" into the
parameter value to see if there would be a DBMS specific error message.
It's really a standard procedure.
Now, could you please explain why it is bothering you?
Kind regards,
Miroslav Stampar
On Tue, Nov 22, 2011 at 2:24 AM, Andres Ferraro <and...@andresferraro.com> wrote:
> Hi Folks,
>
> Whenever I use sqlmap injecting into cookies, with just
> --technique=BT, even when I set --prefix="" and --suffix="" and really
> no matter what I do I get the following
>
> 1- Connectivity test - All fine
> 2 - Check to see if the URL is stable - All fine here
> 3 - [PAYLOAD] 1pre ('""')'"))suff
> 4 - normal injection stuff...
>
> Where "pre" is whatever I set as prefix (including blank) and "suff"
> is my suffix string.
>
> Is there any way to stop the "('""')'"))" string from going out??
> I've tried everything I could think of, even removed all payloads and
> delimiters from payloads.xml.
>
> Any clue?
>
> PS: The really weird part is those characters (the parentheses and
> quotes) would change depending on the contents of the payloads.xml
> file, yet would never go away.
>
> --
> Best regards,
> Andres mailto:and...@andresferraro.com
>
>
>
> ------------------------------------------------------------------------------
> All the data continuously generated in your IT infrastructure
> contains a definitive record of customers, application performance,
> security threats, fraudulent activity, and more. Splunk takes this
> data and makes sense of it. IT sense. And common sense.
> http://p.sf.net/sfu/splunk-novd2d
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
--
Miroslav Stampar
http://about.me/stamparm
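
As an added illustration of the heuristic check described in the reply (not sqlmap's code and not part of the thread): the quote-and-parenthesis run from the quoted [PAYLOAD] line is appended to a cookie value, and a lookup that concatenates the value into SQL answers with a DBMS error while a parameterized lookup does not. The `sessions` table, the handler functions and the use of SQLite are assumptions made for the example.

```python
import sqlite3

# Character run copied from the [PAYLOAD] line quoted in the thread. The poster
# notes that the exact characters vary, so this is one sample of the probe.
HEURISTIC_SUFFIX = "('\"\"')'\"))"


def make_db():
    """Constructed in-memory database standing in for the application's store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (sid TEXT PRIMARY KEY, username TEXT)")
    db.execute("INSERT INTO sessions VALUES ('1', 'alice')")  # constructed row
    return db


def lookup_concatenated(db, cookie_value):
    # The cookie value becomes part of the SQL text, so stray quotes and
    # parentheses change the statement's syntax.
    sql = "SELECT username FROM sessions WHERE sid = '" + cookie_value + "'"
    return db.execute(sql).fetchone()


def lookup_parameterized(db, cookie_value):
    # The cookie value is bound as data; the statement text never changes.
    sql = "SELECT username FROM sessions WHERE sid = ?"
    return db.execute(sql, (cookie_value,)).fetchone()


def respond(lookup, db, cookie_value):
    """Return (status, body) as a handler that echoes database errors would."""
    try:
        row = lookup(db, cookie_value)
    except sqlite3.Error as exc:
        # This leaked, DBMS-specific message is what the heuristic check looks for.
        return 500, f"{type(exc).__name__}: {exc}"
    return 200, row[0] if row else "unknown session"


if __name__ == "__main__":
    db = make_db()
    for lookup in (lookup_concatenated, lookup_parameterized):
        for value in ("1", "1" + HEURISTIC_SUFFIX):
            print(lookup.__name__, repr(value), respond(lookup, db, value))
```
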