Re: [sqlmap-users] --ignore-404 ?
From: Miroslav S. <mir...@gm...> - 2013-04-25 18:13:40
Hi Buawig.

Currently, sqlmap should not stop in testing mode (it's debatable what to do in the enumeration phase - currently we abort the program run in such a case) on any occurrence of a non-200 code.

Could you please be more specific here? Maybe there is a related hidden bug somewhere.

Kind regards,
Miroslav Stampar

On Wed, Apr 24, 2013 at 8:40 PM, buawig <bu...@gm...> wrote:

> Hi,
>
> a custom web application responds to different URL parameter payloads
> with changing HTTP status codes:
>
> example.com/foo.bar?param=payload1
> response: 200
>
> example.com/foo.bar?param=payload2
> response: 403
>
> example.com/foo.bar?param=payload3
> response: 400
>
> example.com/foo.bar?param=payload4
> response: 404
>
> ...
>
> sqlmap seems to tolerate occasional 404 response codes but when
> running with --level=5 sqlmap gives up due to the high amount of 404
> response codes.
>
> Even though this web application behaviour is probably not HTTP
> conformant, is there a way to tell sqlmap "keep on going even if the
> server tells you 404 file not found"?
>
> If there is currently no such feature, what do you think about it?
>
> With --ignore-404 I do not mean to imply that sqlmap should not
> evaluate HTTP status codes at all (e.g. when using to differentiate
> between true and false in boolean based sql injections).

--
Miroslav Stampar
http://about.me/stamparm