Re: [sqlmap-users] Time--test
From: Bernardo D. A. G. <ber...@gm...> - 2010-02-16 11:17:33
Sam,

On Wed, Feb 10, 2010 at 22:32, Sam Elliot <dr...@bu...> wrote:
> I have manually confirmed a simple 'waitfor%20delay'0:0:20'- sql
> injection vector in a site test, but when I try to replicate this with
> SQLMap using the '--time-test' option it does not even perform any 'wait
> for delay' type vectors as shown in the usage options.
> ...

By (weak) design, sqlmap tries specified --stacked-test, --time-test and
--union-test only if beforehand it detected a boolean based blind sql
injection. This is wrong and will be fixed starting from March.

Regards,
--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F