Hey guys,
I've noticed an encoding issue when parsing a raw POST request from file.
If the body contains the + character (x-www-form-urlencoded), which is the equivalent of %20 (space), SQLmap is replacing that with %20.
Now, if you want to URL encode the + symbol, the encoded value is %2B, not %20.
Finally, you shouldn't parse/replace + characters in a raw POST request, because they are just fine.

See attached image (Burp Comparer). On the left you have the request sent by SQLmap after parsing the raw request, and on the right the original raw request which was exported to file and given as input to SQLmap.
I believe this is an issue with raw input files only; everything works smoothly when calling SQLmap from the command line with --data.
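The following Python check is an added example, not part of the original report and not sqlmap's code. It compares an original form body with a rewritten one, parameter by parameter, and separates a `+` to `%20` rewrite (different bytes, same value for a form decoder) from a `+` to `%2B` rewrite (different value). The function names, verdict strings and sample bodies are constructed for illustration.

```python
from urllib.parse import unquote, unquote_plus

def split_pairs(body):
    """Split a raw form body into (name, value) pairs without decoding anything."""
    return [field.partition("=")[::2] for field in body.split("&") if field]

def compare_bodies(original, rewritten):
    """Classify, per parameter, how a rewritten body differs from the original."""
    before, after = split_pairs(original), split_pairs(rewritten)
    if [n for n, _ in before] != [n for n, _ in after]:
        raise ValueError("parameter names or order changed")
    report = {}
    for (name, old), (_, new) in zip(before, after):
        if old == new:
            verdict = "identical"
        elif unquote_plus(old) != unquote_plus(new):
            # A form decoder (+ means space) sees a different value.
            verdict = "value-changed"
        elif unquote(old) != unquote(new):
            # Equal only when + is read as space; a consumer that merely
            # percent-decodes sees a literal + on one side and a space on the other.
            verdict = "form-equivalent-only"
        else:
            # Equal under both decodings, e.g. %2b rewritten as %2B.
            verdict = "re-encoded"
        report[name] = verdict
    return report

# Constructed sample bodies (assumptions, not taken from the report's screenshot).
ORIGINAL = "q=hello+world&tok=a%2Bb&id=1"
PLUS_TO_PCT20 = "q=hello%20world&tok=a%2Bb&id=1"   # '+' replaced with %20
PLUS_TO_PCT2B = "q=hello%2Bworld&tok=a%2Bb&id=1"   # '+' replaced with %2B

if __name__ == "__main__":
    for label, body in (("+ -> %20", PLUS_TO_PCT20), ("+ -> %2B", PLUS_TO_PCT2B)):
        print(label, compare_bodies(ORIGINAL, body))
```
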