[sqlmap-users] Feature Request - Select Specific Test
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] Feature Request - Select Specific Test
|
From: Yori K. <yo...@co...> - 2012-06-13 20:50:04
|
Hey Everyone, New to the list but have been using sqlmap for a while now. I recently participated in a CTF with an interesting blind, filter bypass sql injection. Lots of restrictions. I set a challenge for myself to solve it using sqlmap and managed to get it working with some effort. Of the changes I had to make to get it to work included modifications to queries.xml as well as specific arguments, but most of what I'm going to request here is about payloads.xml. In trying to solve the challenge, I realized I needed to make sqlmap laser focus on a single test. This was both for false negative reduction, number of queries sent, and time limit. I did this myself by removing every other test from payloads.xml but it brought to mind the idea of being able to specify a test via command line arguments. You can specify pretty much everything else on the command line, so the added granularity would be nice. My philosophy on sql injection is that testing for it should be done manually, then once found, get a tool like sqlmap to work with it and perform all the time consuming brute forcing work for you. With that in mind it makes sense to be able to specify a test/payload combination that you have found and you know is working. Thanks for your consideration. Excellent work on the tool. - Yori |
