Re: [sqlmap-users] Update query
From: David A. <dav...@gm...> - 2011-11-09 16:58:04
Hi Bernardo,

Thank you very much for the quick reply.

On Tue, Nov 8, 2011 at 2:58 PM, Bernardo Damele A. G. <ber...@gm...> wrote:

> Hi David,
>
> On 8 November 2011 13:13, David Alvarez <dav...@gm...> wrote:
> > ...
> > The problem is that sqlmap is not able to detect differences because when
> > sqlmap executes A) the value will be locked, so the following requests won't
> > modify the results in the database, the item is locked, and all responses
> > will be equal.
> > To unlock the item, you have to execute another functionality. So, how does
> > sqlmap deal with these situations?
>
> What do you mean by "execute another functionality"? If you just need
> to perform a certain GET request, then fine, sqlmap can do it. Use
> switches:
> --safe-url=SAFURL Url address to visit frequently during testing
> --safe-freq=SAFREQ Test requests between two visits to a given safe url
>
> Refer to the user's manual for details.

I will use those switches, although my functionality is a POST request. But I can convert from GET to POST with a proxy in the middle.

> > A solution could be to provide the unlock request and execute that
> > functionality after every request made by sqlmap, in order to unlock the
> > item and detect changes in the responses. However, this duplicates the
> > number of requests needed.
>
> At the moment --safe-url only supports a GET request, we can think of
> making it able to get the raw request from a text file instead so it
> would also support POST (like for -r).
>
> Cheers,
> Bernardo
>
> --
> Bernardo Damele A. G.
>
> E-mail / Jabber: bernardo.damele (at) gmail.com
> Mobile: +447788962949 (UK 07788962949)
> PGP Key ID: Unavailable

Cheers,
David
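
The GET-to-POST conversion David describes, as an added example that is not part of the original thread or of sqlmap: a local shim that answers every GET sent to `--safe-url` by replaying a fixed POST to the application under test. `make_shim`, the unlock URL, the request body, the cookie and the port are assumptions for illustration.

```python
"""GET-to-POST shim for a GET-only --safe-url (added example, hypothetical names)."""
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


def make_shim(unlock_url, unlock_body, headers=None, bind=("127.0.0.1", 0)):
    """Return an HTTPServer that replays one fixed POST for each GET it receives."""
    # Connect directly, ignoring any proxy configured in the environment.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))

    class Shim(BaseHTTPRequestHandler):
        def do_GET(self):
            req = urllib.request.Request(
                unlock_url, data=unlock_body, headers=headers or {}, method="POST")
            try:
                with opener.open(req, timeout=10) as resp:
                    status, body = resp.status, resp.read()
            except urllib.error.HTTPError as exc:
                # The application answered with an error status: pass it through.
                status, body = exc.code, exc.read()
            except OSError as exc:
                # Application unreachable: report a gateway error to the caller.
                status, body = 502, str(exc).encode()
            self.send_response(status)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):
            pass  # keep the console quiet during a long test run

    return HTTPServer(bind, Shim)


if __name__ == "__main__":
    # Placeholder values: replace with the application's real unlock request.
    shim = make_shim(
        "http://target.example/unlock",
        b"item=1",
        {"Cookie": "session=PLACEHOLDER"},
        bind=("127.0.0.1", 8081),
    )
    # Then point the scanner at it: --safe-url=http://127.0.0.1:8081/ --safe-freq=1
    shim.serve_forever()
```

The shim forwards the application's status code, so a failed unlock (expired session, wrong body) is visible to whatever calls the safe URL rather than being hidden behind a 200.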