Re: [sqlmap-users] inverting --string and --not-string
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] inverting --string and --not-string
|
From: Miroslav S. <mir...@gm...> - 2016-04-23 14:43:55
|
Changed wiki pages for --string to: ...which should be present on original page (though it is not a requirement)... Bye On Sat, Apr 23, 2016 at 4:40 PM, Miroslav Stampar < mir...@gm...> wrote: > Just checked. > > sqlmap only warns that there is no --string in original response. So, I > just need to change the wiki pages accordingly > > Bye > > On Fri, Apr 22, 2016 at 5:43 PM, Miroslav Stampar < > mir...@gm...> wrote: > >> p.s. "Will check current status now" -> "Will check current status later >> today" >> On Apr 22, 2016 5:42 PM, "Miroslav Stampar" <mir...@gm...> >> wrote: >> >>> Ok. This makes way more sense :). Now commuting. Will check current >>> status now (will drop checking in original if it is the case now). >>> >>> Bye >>> On Apr 22, 2016 5:39 PM, "Tim Maletic" <tma...@gm...> wrote: >>> >>>> Let me try to put this another way. According to the usage doc: >>>> >>>> "Sometimes it may fail, that is why the user can provide a string >>>> (--string option) which is always present on original page and on all True >>>> injected query pages, but that it is not on the False ones." >>>> >>>> Is there a way to invert this logic so that "--string" works for >>>> strings that are present on original page and all *true* ones? >>>> >>>> On Fri, Apr 22, 2016 at 11:20 AM, Miroslav Stampar < >>>> mir...@gm...> wrote: >>>> >>>>> This doesn't make any sense. With --string either there is a string >>>>> (TRUE) or there isn't (FALSE). In case of --not-string it's the complete >>>>> opposite. >>>>> >>>>> You are asking for 4 states: 1) with string and not-string; 2) with >>>>> string and no not-string; 3) without string and with not-string; and 4) >>>>> without string and without not-string >>>>> >>>>> Please reconsider your whole use-case. >>>>> >>>>> Bye >>>>> >>>>> On Fri, Apr 22, 2016 at 4:23 PM, Tim Maletic <tma...@gm...> >>>>> wrote: >>>>> >>>>>> I'm testing a system where no injection and false injections produce >>>>>> page A, but true injections produce page B. >>>>>> >>>>>> sqlmap doesn't support setting both --string and --not-string, and >>>>>> these options assume the opposite of the above, so I don't see a way to >>>>>> handle this unusual situation. >>>>>> >>>>>> Suggestions? >>>>>> Thanks! >>>>>> -tm >>>>>> >>>>>> >>>>>> ------------------------------------------------------------------------------ >>>>>> Find and fix application performance issues faster with Applications >>>>>> Manager >>>>>> Applications Manager provides deep performance insights into multiple >>>>>> tiers of >>>>>> your business applications. It resolves application problems quickly >>>>>> and >>>>>> reduces your MTTR. Get your free trial! >>>>>> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z >>>>>> _______________________________________________ >>>>>> sqlmap-users mailing list >>>>>> sql...@li... >>>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Miroslav Stampar >>>>> http://about.me/stamparm >>>>> >>>> >>>> > > > -- > Miroslav Stampar > http://about.me/stamparm > -- Miroslav Stampar http://about.me/stamparm |
