Hi Brandon. Sorry for late reply. It goes like this.
Your header value for content-type should be propagated/used, even in this case, in all cases THAN one. If you use --skip-urlencode and you (or your request file) state that the content-type should be "urlencoded" sqlmap forces switch to either the "recognized" (e.g. json, xml,...) or the "plain". So, that line that you've pinpointed will be triggered only in described situation. Can you please describe what are you trying to accomplish? I believe that you are trying to leave some parts (non-payload) url encoded, while you want payload to not be url encoded. Bye On Sun, Oct 18, 2015 at 11:35 AM, Miroslav Stampar < miroslav.stam...@gmail.com> wrote: > Will patch it later today. > > Bye > On Oct 17, 2015 04:32, "Brandon Perry" <bperry.volat...@gmail.com> wrote: > >> I tracked it down to ./lib/request/connect.py, line 726. >> >> contentType = POST_HINT_CONTENT_TYPES.get(kb.postHint, >> PLAIN_TEXT_CONTENT_TYPE) >> >> I am specifying a content type explicitly with —headers, so commenting >> this line out allowed sqlmap to detect the injections (the server returns >> 50x if the content type isn't right). >> >> Not sure what the correct solution is to this, as I understand the >> intent. Would this be more useful as a github issue? >> >> ------------------------------------------------------------------------------ >> _______________________________________________ >> sqlmap-users mailing list >> sqlmap-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> > -- Miroslav Stampar http://about.me/stamparm
------------------------------------------------------------------------------
_______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
