Hi!
Thanks for the greatest tool!
I've found some problem in latest revision of sqlmap.
If you will run something like:
sqlmap.py -u "http://www.google.com/news.php?id=5+OR+(4=4)" --skip-urlencode --random-agent --tamper=space2plus --technique=BSU -v 3 --dbms=mssql
And answer 'y' here:
[09:16:17] [WARNING] it appears that you have provided tainted parameter values ('id=5 OR (4=4)') with most probably leftover chars/statements from manual SQL injection test(s). Please, always use only valid parameter values so sqlmap could be able to run properly
are you really sure that you want to continue (sqlmap could have problems)? [y/N]
are you really sure that you want to continue (sqlmap could have problems)? [y/N]
You'll get some output encoding problem:
[Gw:bM:bw] [dLf4Q] ScuX1KRmE PXuhmWgc 'BBB.EXXE1c.jXg'
[Gw:bM:NG] [T830] hcuhRmE jXmmcjhRXm hX hPc hWSEch 4yt
[Gw:bM:Nb] [dLf4Q] icj1WSci BcA sWEc jPWSuch '9hI-2'
[Gw:bM:Nb] [dLf4Q] EXh Hppo cSSXS jXic: FGG (fWi ycx9cuh)
[Gw:bM:Nb] [Zry8T8Q] hPc BcA ucSKcS ScusXmici BRhP Wm Hppo cSSXS jXic (FGG) BPRjP jX91i RmhcSIcSc BRhP hPc Scu91hu XI hPc hcuhu
[Gw:bM:NG] [T830] hcuhRmE jXmmcjhRXm hX hPc hWSEch 4yt
[Gw:bM:Nb] [dLf4Q] icj1WSci BcA sWEc jPWSuch '9hI-2'
[Gw:bM:Nb] [dLf4Q] EXh Hppo cSSXS jXic: FGG (fWi ycx9cuh)
[Gw:bM:Nb] [Zry8T8Q] hPc BcA ucSKcS ScusXmici BRhP Wm Hppo cSSXS jXic (FGG) BPRjP jX91i RmhcSIcSc BRhP hPc Scu91hu XI hPc hcuhu
Printscreen attached.
In older versions(tested on something like november 2014 version) there is no such a problem.
And also:
checkWAF() function now calling every time you run sqlmap. But you really don't need that. Because of this in case there is WAF you'll get timeout every time you run sqlmap on the same target or may even get ip-ban.
I think old variant with --check-waf option is much better.
Thank you!
------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
_______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
