This has been replied to earlier. That "bug" was "neutralized".
Kind regards
On Thu, Jan 29, 2015 at 10:23 AM, sad fastfood <sadfastf...@mail.com> wrote:
> Hi!
> Thanks for the greatest tool!
> I've found a problem in the latest revision of sqlmap.
> If you run something like:
> *sqlmap.py -u "http://www.google.com/news.php?id=5+OR+(4=4)" --skip-urlencode
> --random-agent --tamper=space2plus --technique=BSU -v 3 --dbms=mssql*
> And answer 'y' here:
>
> *[09:16:17] [WARNING] it appears that you have provided tainted parameter
> values ('id=5 OR (4=4)') with most probably leftover chars/statements from
> manual SQL injection test(s). Please, always use only valid parameter
> values so sqlmap could be able to run properly are you really sure that you
> want to continue (sqlmap could have problems)? [y/N]*
> You'll get an output encoding problem:
>
> *[Gw:bM:bw] [dLf4Q] ScuX1KRmE PXuhmWgc 'BBB.EXXE1c.jXg' [Gw:bM:NG] [T830]
> hcuhRmE jXmmcjhRXm hX hPc hWSEch 4yt [Gw:bM:Nb] [dLf4Q] icj1WSci BcA sWEc
> jPWSuch '9hI-2' [Gw:bM:Nb] [dLf4Q] EXh Hppo cSSXS jXic: FGG (fWi ycx9cuh)
> [Gw:bM:Nb] [Zry8T8Q] hPc BcA ucSKcS ScusXmici BRhP Wm Hppo cSSXS jXic (FGG)
> BPRjP jX91i RmhcSIcSc BRhP hPc Scu91hu XI hPc hcuhu*
>
> Printscreen attached.
> In older versions (tested on something like the November 2014 version) there is
> no such problem.
>
> And also:
> The checkWAF() function is now called every time you run sqlmap. But you really
> don't need that. Because of this, in case there is a WAF, you'll get a timeout
> every time you run sqlmap on the same target, or may even get an IP ban.
> I think the old variant with the --check-waf option is much better.
>
> Thank you!
>
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
--
Miroslav Stampar
http://about.me/stamparm