Re: [sqlmap-users] Problem with using Webscarab conversations
From: Miroslav S. <mir...@gm...> - 2011-01-18 21:21:13
Hi Antonios.

The main question is: are you able to reproduce this kind of behavior again?

If yes, then sqlmap really has some "bug" and it would be great if you could (maybe privately) provide us with further details from the logs used.

If no, the thing that comes to my mind and that can screw things up is "dynamicity". We've worked hard to make a good comparison/detection engine together with dynamicity removal, but still, pages with lots of garbaged styles/tags/scripts... can screw things up, especially when only a small part of the page is affected by the injection itself. Hence there are switches like --string and --text-only (removes all tags/scripts/styles and retrieves only pure text) that can do miracles in those kinds of cases.

KR

On Tue, Jan 18, 2011 at 10:04 PM, Antonios Atlasis <ant...@gm...> wrote:
>
> Hello to the list,
>
> after spidering a site that is vulnerable to SQLi with Webscarab, I fed its
> conversations directory to sqlmap using the -l option.
> sqlmap didn't find any SQLi vulnerability.
>
> Then, I fed a vulnerable URL to sqlmap with the -u option (which URL was
> also included in the webscarab conversations and it had also been tested
> before with sqlmap), and sqlmap did find this time the specific SQLi
> vulnerability.
>
> Has anyone else observed a problem using Webscarab conversations? Is there
> any tip or trick that I can use in order to solve this problem?
>
> Thanks in advance
>
> Antonios

--
Miroslav Stampar
E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia
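The "dynamicity" effect and the idea behind --text-only and --string mentioned in the reply above, as an added illustration that is not sqlmap's code and not part of the original thread. The pages, the marker string and all helper names are constructed, and `difflib` is used here only as a stand-in similarity measure.

```python
import hashlib
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser

class _TextOnly(HTMLParser):
    """Collect visible text, skipping the bodies of <script> and <style>."""
    def __init__(self):
        super().__init__()
        self.parts, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        self.skip += tag in ("script", "style")
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.skip:
            self.skip -= 1
    def handle_data(self, data):
        if not self.skip:
            self.parts.append(data)

def text_only(html):
    parser = _TextOnly()
    parser.feed(html)
    parser.close()
    return re.sub(r"\s+", " ", " ".join(parser.parts)).strip()

def ratio(a, b):
    # autojunk=False keeps difflib from discarding frequent characters
    return SequenceMatcher(None, a, b, autojunk=False).ratio()

def page(seed, body):
    """Constructed response: per-request noise in CSS/JS, small data area."""
    noise = "".join(hashlib.sha256(f"{seed}:{i}".encode()).hexdigest() for i in range(8))
    return (f"<html><head><style>.x{noise[:8]}{{color:#{noise[8:14]}}}</style>"
            f"<script>var t='{noise}';</script></head>"
            f"<body><h1>Catalog</h1><div id='r{noise[:6]}'>{body}</div></body></html>")

HIT = "<p>Item 42: blue widget, in stock, ships in two days</p>"   # True condition
MISS = "<p>No item</p>"                                            # False condition
TRUE_A, TRUE_B, FALSE_C = page("a", HIT), page("b", HIT), page("c", MISS)

def compare(mode=lambda s: s):
    """Similarity of the baseline True page to a second True and a False page."""
    base = mode(TRUE_A)
    return ratio(base, mode(TRUE_B)), ratio(base, mode(FALSE_C))

def string_match(html, marker="blue widget"):
    """--string style check: a marker that appears only in the True page."""
    return marker in html

if __name__ == "__main__":
    print("raw       true/true=%.3f true/false=%.3f" % compare())
    print("text-only true/true=%.3f true/false=%.3f" % compare(text_only))
```

In raw form neither pair is identical, because the per-request markup differs on every response; after stripping tags, scripts and styles, the two True pages compare as equal and only the False page differs.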