Hello,
For some time I have been having a problem with sqlmap.
The values of the ViewState and EventValidation parameters change in the second request and corrupt the payload.
Example:
1st request:
__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwULLTE2Mzc0MDMxNjEPFgIeCmlkQ29uY3Vyc28COxYCZg9kFgICAw9kFgICAQ9kFgYCAQ8PFgIeBFRleHQFYUNPUkVNRSAtIFJlc2lkw6puY2lhIE3DqWRpY2EgLSBFc3BlY2lhbGlkYWRlcyBDbMOtbmljYXMsIENpcsO6cmdpY2FzIGUgw4FyZWFzIGRlIEF0dWHDp8OjbyAtIDIwMThkZAILDw8WBB8BBRZSZXN1bHRhZG8gZGEgY29uc3VsdGE6HgdWaXNpYmxlZ2RkAg0PDxYCHwJnZBYIAgEPDxYCHwEFE0Rpb2dvIEZvbnRlcyBTYW50b3NkZAIDDw8WAh8BBRAwMzUuMDMxLjgzMy02MSc%2FZGQCBQ8PFgIfAQUPQ29sb3Byb2N0b2xvZ2lhZGQCBw8PFgIfAQUVSW5zY3Jpw6fDo28gRWZldGl2YWRhZGRkKDXl3k5oYIgJ%2BwMfJOW8VhtMGJ%2B%2FEixgH9vGPX7RVGM%3D&__VIEWSTATEGENERATOR=8B06EF31&__EVENTVALIDATION=%2FwEdAAMRUCQi8D8oTvju%2FELHJFiWmbVOYtG0rFS3smCexx6QWi1C5ceso0TiiR3E8KJQreKH3JBT0EProY93KBdahNoj8z0ZJJSk6kLtQyth8MFxlQ%3D%3D&ctl00%24ContentPlaceHolder1%24TextBox=XYZ
2nd request:
__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%5C%2FwEPDwULLTE2Mzc0MDMxNjEPFgIeCmlkQ29uY3Vyc28COxYCZg9kFgICAw9kFgICAQ9kFgYCAQ8PFgIeBFRleHQFYUNPUkVNRSAtIFJlc2lkw6puY2lhIE3DqWRpY2EgLSBFc3BlY2lhbGlkYWRlcyBDbMOtbmljYXMsIENpcsO6cmdpY2FzIGUgw4FyZWFzIGRlIEF0dWHDp8OjbyAtIDIwMThkZAILDw8WBB8BBRZSZXN1bHRhZG8gZGEgY29uc3VsdGE6HgdWaXNpYmxlZ2RkAg0PDxYCHwJnZBYIAgEPDxYCHwEFE0Rpb2dvIEZvbnRlcyBTYW50b3NkZAIDDw8WAh8BBQ4wMzUuMDMxLjgzMy02MWRkAgUPDxYCHwEFD0NvbG9wcm9jdG9sb2dpYWRkAgcPDxYCHwEFFUluc2NyacOnw6NvIEVmZXRpdmFkYWRkZFaQ6MTtnOfY4aRliko1%5C%2BPuMCrC%5C%2Fg77T3uHYB18GR2Aa&__VIEWSTATEGENERATOR=8B06EF31&__EVENTVALIDATION=%5C%2FwEdAANE%5C%2FhrZ1mFt%5C%2BiPPe0KtvNpHmbVOYtG0rFS3smCexx6QWi1C5ceso0TiiR3E8KJQreLAw9PBWqvToWrcbKCk4p8f7AyksNGiTRUfj5I2waW9gg%5C=%5C=&ctl00%24ContentPlaceHolder1%24CPFTextBox=XYZ
The character %5c (\) is added before the characters "%2b" (+) and "%2F" (/).
Any idea what is happening?
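A diagnostic for the symptom described above, as an added example that is not part of the original post or of sqlmap: it parses a captured POST body, percent-decodes `__VIEWSTATE` and `__EVENTVALIDATION`, and lists every character outside the base64 alphabet together with the character that follows it. The two sample bodies are constructed, shortened values that mimic the `%5C%2F`, `%5C%2B` and `%5C=` pattern in the requests above; the helper names are hypothetical.

```python
import re
from urllib.parse import unquote

# ASP.NET state fields whose decoded values must be plain base64.
STATE_FIELDS = ("__VIEWSTATE", "__EVENTVALIDATION")
BASE64_CHAR = re.compile(r"[A-Za-z0-9+/=]")

# Constructed sample bodies (not the real values from the post).
FIRST = ("__VIEWSTATE=%2FwEPDw%2BAb%2FcQ%3D"
         "&__EVENTVALIDATION=%2FwEdAAM%2FxQ%3D%3D&ctl00%24Box=XYZ")
SECOND = ("__VIEWSTATE=%5C%2FwEPDw%5C%2BAb%5C%2FcQ%5C="
          "&__EVENTVALIDATION=%5C%2FwEdAAM%5C%2FxQ%5C=%5C=&ctl00%24Box=XYZ")


def parse_body(body):
    """Split an x-www-form-urlencoded body into {name: decoded value}."""
    fields = {}
    for pair in body.split("&"):
        # Split on the first '=' only: a corrupted value may contain raw '='.
        name, _, value = pair.partition("=")
        # unquote() rather than unquote_plus() so a literal '+' is not lost.
        fields[unquote(name)] = unquote(value)
    return fields


def stray_chars(value):
    """Return [(offset, char, following_char)] for non-base64 characters."""
    return [(i, c, value[i + 1:i + 2])
            for i, c in enumerate(value)
            if not BASE64_CHAR.fullmatch(c)]


def check_body(body):
    """Map each state field present to its stray characters ([] = clean)."""
    fields = parse_body(body)
    return {f: stray_chars(fields[f]) for f in STATE_FIELDS if f in fields}


if __name__ == "__main__":
    for label, body in (("1st", FIRST), ("2nd", SECOND)):
        for field, strays in check_body(body).items():
            print(label, field, strays or "clean")
```

Running it over bodies captured with a proxy or sqlmap's traffic log shows whether the state fields leave the client already altered, and at which offsets.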