I’ve come across a SQL injection that uppercases the input, so that 0xaaaa becomes 0XAAAA. This isn’t a valid hex value in MySQL, since the 0x prefix requires a lowercase x. I attempted to use a quick --eval argument to change the syntax from 0x to X'', but the single quotes in the X'' syntax end up being escaped with double slashes, so the syntax is still broken (X'' -> X\\'\\').

What are the chances a different encoding using UNHEX and CONCAT could be used instead of 0x when using BENCHMARK? For instance:

    BENCHMARK(5000000,MD5(0xaaaa))

Could be rewritten as:

    BENCHMARK(5000000,MD5(UNHEX(CONCAT(CHAR(65),CHAR(65),CHAR(65),CHAR(65)))))

Perhaps this is attainable with a tamper script and I am missing it? This would prevent the application from breaking the SQL syntax by changing 0x to 0X.

Any thoughts are appreciated!

_______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users