Re: [sqlmap-users] [PATCH] Show the raw payload in the exploit method info
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] [PATCH] Show the raw payload in the exploit method info
|
From: Miroslav S. <mir...@gm...> - 2012-02-11 08:41:21
|
Hi. Payload is a must because it's usable from practical point of view. It can be copy pasted into the browser and used right away. Vector is just a form how to make a payload. Sorry, but the final decision is like the way it is. Kind regards, Miroslav Stampar On Feb 10, 2012 9:15 PM, "Till Maas" <ope...@ti...> wrote: > Hi Miroslav, > > On Fri, Feb 10, 2012 at 03:59:39PM +0100, Miroslav Stampar wrote: > > > Basically, IMO average user doesn't care about anything but the data > > retrieval. But, nevertheless, find this "patch" included with the latest > > commit (r4735). You'll be able to see the vector if you use greater > verbose > > mode than the default 1 (e.g. -v 2). > > thank you for including the patch. But I would like to propose to change > payload and vector in the output. To me it looks more useful to display > the vector instead of the payload in a normal use case. The Payload > usually does not make it clear how a certain injection works and what it > does without the information what the vector is. Therefore I do not see > much value for the average user to see the payload without the vector. > But the vector is useful without knowing the payload imho, because the > actual values used for the payload are imho mainly useful for debugging. > > So my proposal is to show the vector instead of the payload by default > and only the payload if the verbosity is greater than 1. Or do you know > use cases for average users to know the payload? > > Regards > Till > |
