Re: [sqlmap-users] Match ratio threshold too low by default?
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Match ratio threshold too low by default?
|
From: Miroslav S. <mir...@gm...> - 2010-08-09 22:47:02
|
On Mon, Aug 9, 2010 at 12:51 PM, Matthijs Kooijman <mat...@st...> wrote: > (Please CC me, I'm not subscribed) > > Hi folks, > > I've just been fiddling around with sqlmap a bit, and I had some > problems with sqlmap claiming that some parameter is not dynamic, while > I'm certain it is. > > After a bit of sourcegrepping, I found that the dynamicness is tested > using a comparions with a threshold. In my particular case, the > parameter was dynamic, but affected the resulting page only in a single > small spot. The comparator therefore said the similarity ratio was > 0.996, whereas less than 0.9 is required. > > This 0.9 is currently hardcoded in MATCH_RATIO in core/settings.py, > though there is a comment to make this a commandline option. Hi. Everything is clear here, but one thing. Could you please point me to the part (file and line number) where (or was) "there is a comment to make this a commandline option"? Kind regards. Doing this > would probably increase the utility of sqlmap for cases such as mine. > However, to actually let users know about this option and how it can > help, the "is not dynamic" error message should probably include the > actual ratio and a hint to this new commandline option. > > I hope you can get this change into a next version. > > Gr. > > Matthijs > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > > iEYEARECAAYFAkxf3bkACgkQz0nQ5oovr7wrRwCeIizHKG58nGqHUfJMJKogaTrF > xPIAoIidSQEcPtFjtR4dZBdp/DSQ95K+ > =tl6U > -----END PGP SIGNATURE----- > > ------------------------------------------------------------------------------ > This SF.net email is sponsored by > > Make an app they can't live without > Enter the BlackBerry Developer Challenge > http://p.sf.net/sfu/RIM-dev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B |