Re: [sqlmap-users] Off by one?
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Off by one?
|
From: Bernardo D. A. G. <ber...@gm...> - 2009-04-03 14:59:18
|
Hi Joe, On Wed, Mar 25, 2009 at 16:40, Pragmatk <pra...@gm...> wrote: > When you cancel a running attack against a host (and you have specified > a session file), sqlmap will resume where it left. Unfortunately it will > miss the last character (the one it was in the process of reading). It "misses" the last character because it is still processing it: if you stop sqlmap while the bisection algorithm is detecting its value, it can not obviously be saved to the session file. sqlmap saves to the session file in real-time only enumerated data it is sure about the value, character by character. > This > has caused me quite some irritation due to an unstable wifi. I was using > threads, so I was missing 10 characters for each time I got kicked off > the wifi. > It would be awesome if someone could look over it and fix. A slightly different principle applies when you're running sqlmap with multithreading: the tool only output the enumerated data to the session file when all the threads for the SQL statement in exam are done. The number of threads corresponds to max(num_threads_from_user, statement_value_length_precalculated). Hope this clarifies a bit how it works. Cheers, -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobiles: +447788962949 (UK), +393493821385 (IT) PGP Key ID: 0x05F5A30F |
