Web server trimming last char of output (union injection) #45

@stamparm

Cases have been noticed where the last character of the output is trimmed:
```
[15:02:01] [INFO] testing MySQL
[15:02:03] [WARNING] reflective value(s) found and filtering out
[15:02:03] [WARNING] possible server trimmed output detected (due to its length): 1:ugd-->

[15:02:03] [WARNING] the back-end DBMS is not MySQL
[15:02:03] [CRITICAL] sqlmap was not able to fingerprint the back-end database management system. Support for this DBMS will be implemented at some point
```

In the given case, `kb.chars.stop` was `:ugd:`, but in the output it appeared as `:ugd` because of last-character removal (in the web application logic). Detect this and patch it.
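The failure mode reported above, as an added example that is not sqlmap's code or its eventual fix: a delimiter-based extractor that still recovers the value when the stop delimiter arrives one character short, and flags that it did so. The function and type names, the start delimiter `:qzx:` and the sample responses are assumptions made for illustration; only the stop delimiter `:ugd:` comes from the report.

```python
import re
from typing import List, NamedTuple


class Extracted(NamedTuple):
    value: str
    stop_trimmed: bool  # True when the stop delimiter arrived one character short


def extract_delimited(page: str, start: str, stop: str) -> List[Extracted]:
    """Return every value wrapped as start + value + stop, tolerating a stop
    delimiter whose final character was removed by the web application."""
    if len(stop) < 2:
        raise ValueError("stop delimiter too short to recognise once trimmed")
    pattern = re.compile(
        re.escape(start)
        + r"(?P<value>.*?)"                            # shortest possible payload
        + re.escape(stop[:-1])                         # stop delimiter minus last char
        + r"(?P<last>" + re.escape(stop[-1]) + r")?",  # last char, if it survived
        re.DOTALL,
    )
    return [Extracted(m.group("value"), m.group("last") is None)
            for m in pattern.finditer(page)]


# Constructed sample responses. ":ugd:" is the stop delimiter from the report;
# the start delimiter ":qzx:" and the surrounding HTML comment are made up.
START, STOP = ":qzx:", ":ugd:"
INTACT = "<!-- :qzx:1:ugd:-->"
TRIMMED = "<!-- :qzx:1:ugd-->"

if __name__ == "__main__":
    for label, page in (("intact", INTACT), ("trimmed", TRIMMED)):
        for item in extract_delimited(page, START, STOP):
            note = "stop delimiter trimmed" if item.stop_trimmed else "ok"
            print(f"{label}: value={item.value!r} ({note})")
```

A caller can use the `stop_trimmed` flag to log a warning and continue with the recovered value instead of concluding that the fingerprint test failed.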
