[sqlmap-users] Ctrl+C in detection phase
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] Ctrl+C in detection phase
|
From: David G. <sk...@gm...> - 2011-02-15 21:32:35
|
Hello, can I suggest a new feature? Why not put an option to advance to the next testing inside detection phase? Hypothetical example: [18:32:52] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause' [18:32:52] [PAYLOAD] 1499) AND 1366=CONVERT(INT,(CHAR(58)+CHAR(117)+CHAR(117)+CHAR(117)+CHAR(58)+(SELECT (CASE WHEN (1366=1366) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(58)+CHAR(99)+CHAR(103)+CHAR(109)+CHAR(58))) AND (3656=3656 *^C[18:32:52] [WARNING] Ctrl+C detected in detection phase How do you want to proceed? [**(o)ther payload test/**(S)kip test/**(e)nd detection phase/(n)ext parameter/(q)uit]* *o* [18:32:54] [PAYLOAD] 1499' AND 1366=CONVERT(INT,(CHAR(58)+CHAR(117)+CHAR(117)+CHAR(117)+CHAR(58)+(SELECT (CASE WHEN (1366=1366) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(58)+CHAR(99)+CHAR(103)+CHAR(109)+CHAR(58))) AND '3656'='3656 [18:32:54] [PAYLOAD] 1499 AND 1366=CONVERT(INT,(CHAR(58)+CHAR(117)+CHAR(117)+CHAR(117)+CHAR(58)+(SELECT (CASE WHEN (1366=1366) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(58)+CHAR(99)+CHAR(103)+CHAR(109)+CHAR(58))) AND 3656=3656 Why? Because there is some cases where the actual testing query hang the server (as i am suffering this right now with the first payload query) and the detection phase can't continue(try to reconnect or increasing the read-timeout don't work)... so, with this option, there is some chance that another payload with less or more brackets or quotation marks, could succeed. Just an suggestion =) David |
