Re: [sqlmap-users] Need some matching help
From: Konrads S. <ko...@sm...> - 2009-03-05 08:17:09
So, if you input valid data, then it shows a page and if not (expression evaluates to false) then blank? Sounds like a typical blind injection. I wonder if you can match string against header, so content-len:0 would work.

On 3/4/09, nein wanwan <nei...@gm...> wrote:
> Ahoy. Having a problem here, couldn't think of any other place to ask for
> help so here I am.
>
> A couple days ago I was using sqlmap to verify a potential injection I had
> found earlier and was able to do some of the different enumerations
> successfully (current-user, current-db, etc).
>
> Anyway, the developers of said application came back in a day and said all
> the problems on the site were fixed (mmhmmm). Turns out all they did was
> remove the custom error page and instead now return a completely blank page
> with a Content-Length of zero. There are obviously no strings to match since
> there is no content...
>
> Basically is there a way to do regex/str matching on the response headers?
> Drawing a blank... maybe there are some other options that would fulfill my
> needs that I'm not seeing?
>
> Thanks.

--
Konrads Smelkovs
Applied IT sorcery.
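
The situation in this thread, as an added example that is not part of the original messages or of sqlmap: a retest check showing that swapping the error page for a blank one leaves the true/false difference visible in the response headers. The two captured responses are constructed, and the helper names (`parse_response`, `effective_length`, `leaking_signals`) are hypothetical.

```python
# Added example: responses below are constructed; helper names are hypothetical.

def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, _, header_block = head.partition(b"\r\n")
    status = int(status_line.split()[1])
    headers = {}
    for line in header_block.split(b"\r\n"):
        if line:
            name, _, value = line.partition(b":")
            headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return status, headers, body

def effective_length(headers, body):
    """Declared Content-Length when numeric, otherwise the measured body size."""
    declared = headers.get("content-length", "")
    return int(declared) if declared.isdigit() else len(body)

def leaking_signals(raw_true, raw_false, ignore=("date", "set-cookie")):
    """List response attributes that differ between the two captured cases."""
    s1, h1, b1 = parse_response(raw_true)
    s2, h2, b2 = parse_response(raw_false)
    signals = []
    if s1 != s2:
        signals.append("status")
    if effective_length(h1, b1) != effective_length(h2, b2):
        signals.append("content-length")
    for name in sorted(set(h1) | set(h2)):
        if name not in ignore and name != "content-length" and h1.get(name) != h2.get(name):
            signals.append("header:" + name)
    return signals

# Constructed captures: normal page vs. the blank page described in the thread.
PAGE = (b"HTTP/1.1 200 OK\r\nDate: Thu, 05 Mar 2009 08:00:00 GMT\r\n"
        b"Content-Type: text/html\r\nContent-Length: 26\r\n\r\n"
        b"<html>product page</html>\n")
BLANK = (b"HTTP/1.1 200 OK\r\nDate: Thu, 05 Mar 2009 08:00:01 GMT\r\n"
         b"Content-Type: text/html\r\nContent-Length: 0\r\n\r\n")
PAGE_LATER = PAGE.replace(b"08:00:00", b"08:00:05")

if __name__ == "__main__":
    print(leaking_signals(PAGE, BLANK))       # difference remains observable
    print(leaking_signals(PAGE, PAGE_LATER))  # nothing distinguishes the two
```

A non-empty result on retest means the change only altered how the failure looks; the query itself still needs to be parameterized so that both conditions produce the same response.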