[sqlmap-users] Match ratio threshold too low by default?
From: Matthijs K. <mat...@st...> - 2010-08-09 11:15:42
(Please CC me, I'm not subscribed)

Hi folks,

I've just been fiddling around with sqlmap a bit, and I had some problems with sqlmap claiming that some parameter is not dynamic, while I'm certain it is. After a bit of sourcegrepping, I found that the dynamicness is tested using a comparison with a threshold.

In my particular case, the parameter was dynamic, but affected the resulting page only in a single small spot. The comparator therefore said the similarity ratio was 0.996, whereas less than 0.9 is required.

This 0.9 is currently hardcoded in MATCH_RATIO in core/settings.py, though there is a comment to make this a commandline option. Doing this would probably increase the utility of sqlmap for cases such as mine.

However, to actually let users know about this option and how it can help, the "is not dynamic" error message should probably include the actual ratio and a hint to this new commandline option.

I hope you can get this change into a next version.

Gr.

Matthijs
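
The behaviour described in the message above, as an added example (not part of the original post and not sqlmap's code): a one-character change in a page of about 2.5 KB scores far above 0.9, so the check reports "not dynamic" until the threshold is raised. The use of difflib as the comparator, the sample page, and the names render_page, similarity and check_dynamic are assumptions made for illustration.

```python
import difflib

MATCH_RATIO = 0.9  # default threshold quoted in the message above


def render_page(item_id):
    """Constructed sample response: a large static page where only the
    heading depends on the parameter value (hypothetical target)."""
    rows = "".join(f"<li>static entry {n}</li>\n" for n in range(100))
    return (f"<html><body><h1>Item {item_id}</h1>\n<ul>\n"
            f"{rows}</ul></body></html>")


def similarity(page_a, page_b):
    # Assumption: character-level difflib ratio stands in for the scanner's
    # comparator. autojunk=False keeps the result deterministic on long input.
    return difflib.SequenceMatcher(None, page_a, page_b, autojunk=False).ratio()


def check_dynamic(original, modified, threshold=MATCH_RATIO):
    """Return (is_dynamic, ratio, message). A parameter counts as dynamic
    only when the two responses are less similar than the threshold."""
    ratio = similarity(original, modified)
    if ratio < threshold:
        return True, ratio, f"parameter appears dynamic (ratio {ratio:.4f})"
    # Report the measured ratio and point at the tunable threshold,
    # as the message proposes for the "is not dynamic" case.
    message = (f"parameter does not appear dynamic: ratio {ratio:.4f} is not "
               f"below threshold {threshold}; if the page changes only "
               f"slightly, retry with a higher threshold")
    return False, ratio, message


if __name__ == "__main__":
    base, changed = render_page(1), render_page(2)
    for threshold in (MATCH_RATIO, 0.9999):
        print(threshold, check_dynamic(base, changed, threshold)[2])
```
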