sqlmapproject / sqlmap

Automatic SQL injection and database takeover tool
http://sqlmap.org

-C COL issue #4248

Closed yudalosw closed 4 years ago

yudalosw commented 4 years ago

Target is MySQL >= 5.0.0 BTU exploitable. Fetching with --dump after -T tablename works fine. Fetching only specific columns from tablename results in a failure. I am using option -C column1,column2,column3,column4,column5,column6,column7,column8 --dump

[INFO] fetching entries of column(s) '`column1`, column2, column3, column4, column5, column6'

Notice the accents (U+60) around column1? If I remove column1 from the specified columns to be dumped, there are no more accents around any of the column names. However, it still fails with the same error:

[WARNING] something went wrong with full UNION technique (could be because of limitation on retrieved number of entries). Falling back to partial UNION technique
[WARNING] the SQL query provided does not return any output

stamparm commented 4 years ago

1) Accents are a special escaping mechanism used in MySQL when the identifier looks like a reserved keyword. In the regular case, it should not cause problems; even more, there are more benefits in using it than in disabling it. Please don't reply with "but my column doesn't need escaping"; there is a generic list of keywords embedded inside sqlmap. It SHOULD not be a problem in the general case, even escaping of all the columns/identifiers.
2) Tried to reproduce, had no problems, even when I forced the usage of those "accents".
3) With the latest revision/commit you should be able to prevent that "escaping" with the usage of --no-escape.
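The backtick mechanism stamparm describes, shown as an added Python example that is not sqlmap's own code: a MySQL identifier wrapped in backticks (U+60) stays valid whether or not it collides with a reserved word, so quoting every identifier is the safe default when building a column list from a comma-separated spec such as the one passed to -C. The reserved-word set, the function names and the sample specs below are constructed for illustration; the real MySQL reserved-word list, and the list embedded in sqlmap, are much longer.

```python
"""Added example (not sqlmap's code): backtick-quoting MySQL identifiers.

Two policies are shown side by side: quote only when an identifier looks
like a reserved word or contains characters that are illegal unquoted, and
quote everything unconditionally. Both produce valid MySQL; the second
policy can never miss a keyword, which is why escaping all identifiers is
harmless in the general case.
"""
import re

# Constructed sample of MySQL reserved words; NOT the full list.
SAMPLE_RESERVED = {
    "SELECT", "FROM", "WHERE", "ORDER", "GROUP", "KEY",
    "INDEX", "TABLE", "DESC", "LIMIT",
}

# Characters MySQL accepts in an unquoted identifier (ASCII subset).
UNQUOTED_OK = re.compile(r"^[0-9A-Za-z$_]+$")


def quote_identifier(name: str) -> str:
    """Wrap name in backticks, doubling any embedded backtick.

    This is the unconditional policy: correct for keywords, for names with
    spaces or punctuation, and for plain names alike.
    """
    if not name or "\x00" in name:
        raise ValueError("invalid identifier: %r" % name)
    return "`" + name.replace("`", "``") + "`"


def quote_if_needed(name: str, reserved=SAMPLE_RESERVED) -> str:
    """Quote only identifiers that would otherwise be ambiguous or illegal.

    Depends on the completeness of `reserved`, which is the weak point of
    a keyword-driven policy.
    """
    if not UNQUOTED_OK.match(name) or name.upper() in reserved:
        return quote_identifier(name)
    return name


def column_list(spec: str, escape_all: bool = False) -> str:
    """Turn a -C style 'col1,col2,...' spec into a SQL column list.

    escape_all=True quotes every column; escape_all=False quotes only the
    ones the keyword check flags.
    """
    names = [n.strip() for n in spec.split(",") if n.strip()]
    if not names:
        raise ValueError("empty column spec")
    quote = quote_identifier if escape_all else quote_if_needed
    return ", ".join(quote(n) for n in names)


def build_select(table: str, spec: str, escape_all: bool = False) -> str:
    """Assemble a SELECT over the given columns with consistent quoting."""
    quote = quote_identifier if escape_all else quote_if_needed
    return "SELECT %s FROM %s" % (column_list(spec, escape_all), quote(table))


if __name__ == "__main__":
    # Constructed sample specs: one plain name, one reserved word, one
    # name that is illegal unquoted.
    for spec in ("column1,column2", "id,order,column3", "id,first name"):
        print(build_select("users", spec))
        print(build_select("users", spec, escape_all=True))
```

Running the module prints each sample query twice, once per policy; the keyword-driven form leaves plain names bare while the unconditional form quotes everything, and both are accepted by MySQL.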