The actual request is a SOAP payload, which requires a content type of XML,
and no URL encoding (which, if performed, returns a 50x).

On Mon, Oct 19, 2015 at 6:37 AM, Miroslav Stampar <
miroslav.stam...@gmail.com> wrote:

> Hi Brandon.
>
> Sorry for the late reply. It goes like this.
>
> Your header value for content-type should be propagated/used, even in this
> case, in all cases but one.
>
> If you use --skip-urlencode and you (or your request file) state that the
> content-type should be "urlencoded", sqlmap forces a switch to either the
> "recognized" (e.g. json, xml, ...) or the "plain". So, that line that you've
> pinpointed will be triggered only in the described situation.
>
> Can you please describe what you are trying to accomplish? I believe that
> you are trying to leave some parts (non-payload) url encoded, while you
> want payload to not be url encoded.
>
> Bye
>
> On Sun, Oct 18, 2015 at 11:35 AM, Miroslav Stampar <
> miroslav.stam...@gmail.com> wrote:
>
>> Will patch it later today.
>>
>> Bye
>> On Oct 17, 2015 04:32, "Brandon Perry" <bperry.volat...@gmail.com> wrote:
>>
>>> I tracked it down to ./lib/request/connect.py, line 726.
>>>
>>> contentType = POST_HINT_CONTENT_TYPES.get(kb.postHint, PLAIN_TEXT_CONTENT_TYPE)
>>>
>>> I am specifying a content type explicitly with --headers, so commenting
>>> this line out allowed sqlmap to detect the injections (the server returns
>>> 50x if the content type isn't right).
>>>
>>> Not sure what the correct solution is to this, as I understand the
>>> intent. Would this be more useful as a github issue?
>>>
>>> ------------------------------------------------------------------------------
>>> _______________________________________________
>>> sqlmap-users mailing list
>>> sqlmap-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>
>>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>



-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
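
The content-type rule described in the quoted reply, modelled as a small stand-alone function (an added example, not sqlmap's code and not part of the thread). The function name `effective_content_type`, the string hint keys and the content-type values in the two constants are assumptions; only the names `POST_HINT_CONTENT_TYPES` and `PLAIN_TEXT_CONTENT_TYPE` come from the thread.

```python
# Added illustration: a model of the rule described in the thread.
# Not sqlmap's code; names and values marked "assumed" are constructed.

URLENCODED = "application/x-www-form-urlencoded"
PLAIN_TEXT_CONTENT_TYPE = "text/plain; charset=utf-8"  # assumed value
POST_HINT_CONTENT_TYPES = {                             # assumed keys and values
    "JSON": "application/json",
    "SOAP": "application/soap+xml",
    "XML": "application/xml",
}


def effective_content_type(headers, post_hint=None, skip_urlencode=False):
    """Return the Content-Type that would accompany the request body.

    headers        -- list of (name, value) pairs supplied by the user
    post_hint      -- recognized body format ("JSON", "SOAP", "XML") or None
    skip_urlencode -- True when the payload must not be URL encoded
    """
    supplied = None
    for name, value in headers:
        # Header names are case-insensitive; the last occurrence wins.
        if name.strip().lower() == "content-type":
            supplied = value.strip()

    # Assumption: with no header supplied, form encoding is the default.
    if supplied is None:
        supplied = URLENCODED

    # Compare only the media type, ignoring parameters such as charset.
    media_type = supplied.split(";", 1)[0].strip().lower()

    # The one exception: the header claims "urlencoded" while URL encoding
    # is skipped, so switch to the recognized type or to plain text.
    if skip_urlencode and media_type == URLENCODED:
        return POST_HINT_CONTENT_TYPES.get(post_hint, PLAIN_TEXT_CONTENT_TYPE)

    # Every other case: the user's header value is propagated unchanged.
    return supplied


if __name__ == "__main__":
    # Constructed sample: a SOAP endpoint that only accepts text/xml.
    soap_headers = [("Content-Type", "text/xml; charset=utf-8")]
    print(effective_content_type(soap_headers, "SOAP", skip_urlencode=True))
```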