Hi Andres.
That strange part is actually a "heuristic" check. It's "injected" into the
parameter value to see if there would be a DBMS specific error message.
It's really a standard procedure.
Now, could you please explain why it is bothering you?
Kind regards,
Miroslav Stampar
On Tue, Nov 22,
Hi m4l1c3.
Thank you for your report. This last bug is fixed.
About the first one. Could you please send the URL used? Thing is that it
seems to be incompatible with standard IDNA encoding and that's kind of
strange.
Kind regards,
Miroslav Stampar
On Tue, Nov 22, 2011 at 4:44 AM, m4l1c3 wrote:
TBH, running tools like sqlmap (and metasploit for example) on windows
where AV is very prevalent can become very tedious.
It may be worth your while to run Linux within a virtual machine to
perform these tasks. You don't have to worry about Windows getting in
the way of your productivity.
On Mon
Miroslav, thanks, that is exactly the problem. Unfortunately, when I download
the latest version, svn exits on me when my virus checker complains about one
of the exe files it determined was a virus. I will have to learn svn to see if
I can have it download everything but that file.
I am usi
[INFO]s have been removed.
sqlmap version: 1.0-dev (r4525)
Python version: 2.6.5
Operating system: posix
Command line: ./sqlmap.py -u --dbs
--technique=U --level 3 --risk 3 --batch --smart --crawl 3 --threads 3
--forms --random-agent
Technique: None
Back-end DB
Hi Folks,
Whenever I use sqlmap injecting into cookies, with just
--technique=BT, even when I set --prefix="" and --suffix="" and really
no matter what I do I get the following
1- Connectivity test - All fine
2 - Check to see if the URL is stable - All fine here
3 - [PAYLOAD] 1pre
sqlmap version: 1.0-dev (r4525)
Python version: 2.6.5
Operating system: posix
Command line: ./sqlmap.py -u ***
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
File "/pentest/database/sqlmap/_sqlmap.py", line 86, in main
start()
File "/
Hi Brandon.
Thank you for your report. It should be "patched" with the latest commit.
Kind regards
On Mon, Nov 21, 2011 at 8:32 PM, Brandon Perry wrote:
> Hi, The phpass detection is working excellently. Would like to report
> these:
>
> [13:27:24] [CRITICAL] there was a problem while hashing e
Hi Brandon.
It's a bit complicated. That %26 coincidentally decoded to the default
delimiter value '&' so that probably caused problems in your case with
sqlmap.
Please update to the latest revision and try it again.
Kind regards,
Miroslav Stampar
On Mon, Nov 21, 2011 at 8:45 PM, Brandon Perry
You may also grab a copy of the free edition of BurpSuite, record the
POST response, and save that to a file.
Then use the -r flag and pass the burp response to sqlmap. Will be
easier to work with.
On Mon, Nov 21, 2011 at 1:44 PM, Brandon Perry
wrote:
> I would say just use a virtual machine. Gr
I would say just use a virtual machine. Grab a copy of backtrack,
update sqlmap, and start from there.
VirtualBox is a free, open source virtualization suite that runs on
windows. You will have a much better time interacting with sqlmap.
On Mon, Nov 21, 2011 at 1:39 PM, Iago Sousa <146050...@gmai
What is the fld?
On Mon, Nov 21, 2011 at 10:30 AM, Bob Simonoff wrote:
> **
>
> I have been asked to test a web site for SQL injection. The website uses
> POST and the parameter names all have the 3 characters %26 (percent 26) as
> a separator. This makes things difficult, since I am running sql
Hi, The phpass detection is working excellently. Would like to report these:
[13:27:24] [CRITICAL] there was a problem while hashing entry:
'<>@\xc2\xa3\xc2\xa7\xe2\x82\xac{[]}'. Please report by e-mail to
sqlmap-users@lists.sourceforge.net
[13:27:26] [CRITICAL] there was a problem while hashing e
I have been asked to test a web site for SQL injection. The website uses POST
and the parameter names all have the 3 characters %26 (percent 26) as a
separator. This makes things difficult, since I am running sqlmap from Windows.
First, Windows is trying to substitute %2 as the second argument
Aha. I haven't noticed it was your code :). Thank you for this nice piece
of code.
Kind regards
On Mon, Nov 21, 2011 at 10:17 AM, Ulisses Castro wrote:
> Good to see that code helped sqlmap, thanks for the reference Miroslav!
>
> Nice update.
>
> Cheers,
> Ulisses Castro
>
> On Sun, Nov 20, 201
Good to see that code helped sqlmap, thanks for the reference Miroslav!
Nice update.
Cheers,
Ulisses Castro
On Sun, Nov 20, 2011 at 5:03 PM, Miroslav Stampar
wrote:
> Hi Brandon.
>
> You can find it implemented in the last revision (r4511).
>
> Kind regards,
> Miroslav Stampar
>
> On Sat, Nov 1
16 matches