Re: [sqlmap-users] Not url-encoding POST-data possible?

Fri, 25 May 2012 03:40:46 -0700 

Miroslav, great! Makes me and my customer happy!

 

Thomas

 

Von: Miroslav Stampar [mailto:miroslav.stam...@gmail.com] 
Gesendet: Freitag, 25. Mai 2012 01:12
An: Thomas Schreiber
Cc: sqlmap-users@lists.sourceforge.net
Betreff: Re: [sqlmap-users] Not url-encoding POST-data possible?

 

Hi Thomas.

 

With the latest r5076 you'll get a new switch '--skip-urlencode' which tells
sqlmap to skip URL encoding of POST data.

 

Kind regards,

Miroslav Stampar

On Thu, May 24, 2012 at 11:56 AM, Miroslav Stampar
<miroslav.stam...@gmail.com> wrote:

Hi.

There is no such option, but something will be done (e.g. --skip-urlencode).
Will keep you updated.

Kind regards

On May 23, 2012 9:56 PM, "Thomas Schreiber" <ts2...@googlemail.com> wrote:

Hi,

can I tell sqlmap to not url-encode POST-data?

In my case a php webservice complains about not getting a '<' as first
character:

  Warning: simplexml_load_string(): Entity: line 1: parser error : Start
tag expected, '<' not found in...
  Warning: simplexml_load_string(): %3Crequest...

The reason is, that sqlmap sends the payload url-encoded:

  %3CRequest%3E%3CID%3E111*%3C/ID>%3C%2FRequest%3E

Trying the same request in burp without urlencoding like this:

  <Request><ID>111*</ID></Request>

does not produce the error

Thanks!

Thomas


----------------------------------------------------------------------------
--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users





 

-- 
Miroslav Stampar
http://about.me/stamparm


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to