Hi Thomas.

With the latest r5076 you'll get a new switch '--skip-urlencode' which
tells sqlmap to skip URL encoding of POST data.

Kind regards,
Miroslav Stampar

On Thu, May 24, 2012 at 11:56 AM, Miroslav Stampar <
miroslav.stam...@gmail.com> wrote:

> Hi.
>
> There is no such option, but something will be done (e.g.
> --skip-urlencode). Will keep you updated.
>
> Kind regards
> On May 23, 2012 9:56 PM, "Thomas Schreiber" <ts2...@googlemail.com> wrote:
>
>> Hi,
>>
>> can I tell sqlmap to not url-encode POST-data?
>>
>> In my case a php webservice complains about not getting a '<' as first
>> character:
>>
>>   Warning: simplexml_load_string(): Entity: line 1: parser error : Start
>> tag expected, '<' not found in...
>>   Warning: simplexml_load_string(): %3Crequest...
>>
>> The reason is, that sqlmap sends the payload url-encoded:
>>
>>   %3CRequest%3E%3CID%3E111*%3C/ID>%3C%2FRequest%3E
>>
>> Trying the same request in burp without urlencoding like this:
>>
>>   <Request><ID>111*</ID></Request>
>>
>> does not produce the error
>>
>> Thanks!
>>
>> Thomas
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond. Discussions
>> will include endpoint security, mobile security and the latest in malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> sqlmap-users mailing list
>> sqlmap-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>


-- 
Miroslav Stampar
http://about.me/stamparm
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to