Re: [sqlmap-users] PAYLOAD_DELIMITER replace bug?

Wed, 23 Oct 2013 08:21:35 -0700 

Hi Andres.

Expect a fix ASAP (<1 hour).

Bye
On Oct 23, 2013 5:18 PM, "Andres Riancho" <andres.rian...@gmail.com> wrote:

> I'm capturing sqlmap's traffic using burp and I see:
>
>
> %5C_%5C_PAYLOAD%5C_DELIMITER%5C_%5C_frmContact%5C%22%5C%29%5C%29%5C%29%5C%20RLIKE%5C%20%5C%28SELECT%5C%20%5C%28CASE%5C%20WHEN%5C%20%5C%282371%5C=2371%5C%29%5C%20THEN%5C%200x66726d436f6e74616374%5C%20ELSE%5C%200x28%5C%20END%5C%29%5C%29%5C%20AND%5C%20%5C%28%5C%28%5C%28%5C%22aruB%5C%22%5C%20LIKE%5C%20%5C%22aruB%5C_%5C_PAYLOAD%5C_DELIMITER%5C_%5C_
>
> Decoded:
>
> \_\_PAYLOAD\_DELIMITER\_\_frmContact\"\)\)\)\ RLIKE\ \(SELECT\ \(CASE\
> WHEN\ \(2371\=2371\)\ THEN\ 0x66726d436f6e74616374\ ELSE\ 0x28\ END\)\)\
> AND\ \(\(\(\"aruB\"\ LIKE\ \"aruB\_\_PAYLOAD\_DELIMITER\_\_
>
> I suspect that PAYLOAD_DELIMITER was intended to be replaced before
> being sent?
>
> Also, what's with all the %5C? There is also a strange thing in this
> request "RLIKE", which I suppose should be "OR LIKE" ?
>
> sqlmap/1.0-dev-28529a9
>
>
> ------------------------------------------------------------------------------
> October Webinars: Code for Performance
> Free Intel webinars can help you accelerate application performance.
> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most
> from
> the latest Intel processors and coprocessors. See abstracts and register >
> http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>

------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to