Thread: [sqlmap-users] Session Issue
From: Chris O. <chr...@gm...> - 2011-01-19 13:58:00
I've been running two simultaneous tests on the same domain, but different pages. Previously, when I've completed a test, the session is saved in such a way that when the test ends it will jump straight to the injection points if it found any when I execute the same or similar commands. Now, if I execute the exact same command again, it seems to start testing right over from the beginning - and this takes ages.

I am scanning www.example.com/blah/?foo=bar and www.example.com/foo/bar at the same time, and the output directory only has www.example.com with a single session file that just looks like

[11:20:37 01/19/11]

[13:41:41 01/19/11]

and a log file that contains the 4 injection points but nothing else. The other scan has also found some injection points but none of these feature in either of these two files.

Is this because I'm running two tests on the same domain or is it something that's broken in the latest dev version? Or is it something else? I've tried this with the last few revisions and the latest revision on Windows and Linux boxes - same result.

Regards

Chris
From: Bernardo D. A. G. <ber...@gm...> - 2011-01-19 14:09:10
Chris,

Sqlmap constantly writes the session file during a run, so it is not supposed to be run concurrently twice or more times against the same URL. If you really need to, specify a different session file to use with switch -s.

Bernardo Damele A. G.
From: Chris O. <chr...@gm...> - 2011-01-19 14:13:34
So if I use it like this:

-s output/dir/filename

Each time I use the command it will avoid this issue?

Chris
From: Bernardo D. A. G. <ber...@gm...> - 2011-01-19 14:16:05
If you use it each time, yes. It does not necessarily have to be in output/. Any path where you have rw access is ok.

Bernardo Damele A. G.
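One way to follow the advice in this thread, as an added example that is not part of the original messages or of sqlmap itself: derive one session file per target URL, pass it with -s, and refuse a second concurrent run against the same URL. SESSION_DIR and all function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: per-URL session files for concurrent sqlmap runs.
# SESSION_DIR and every function name below are assumptions of this example.
SESSION_DIR="${SESSION_DIR:-${TMPDIR:-/tmp}/sqlmap-sessions}"

# Map a target URL to a stable session file path. The same URL always maps to
# the same file (so a later run can resume), while two pages on one host get
# different files instead of sharing one host-named location.
session_file_for() {
    url=$1
    rest=${url#*://}                 # drop the scheme if present
    host=${rest%%/*}                 # keep everything before the first '/'
    host=$(printf '%s' "$host" | tr -c 'A-Za-z0-9.-' '_')
    # cksum prints "<crc> <byte count>"; both go into the file name.
    tag=$(printf '%s' "$url" | cksum | awk '{print $1 "-" $2}')
    printf '%s/%s-%s.session\n' "$SESSION_DIR" "$host" "$tag"
}

# mkdir is atomic, so it serves as a lock: a second run against the same URL
# fails here instead of writing to a session file that is already in use.
acquire_session_lock() {
    mkdir -p "$SESSION_DIR" && mkdir "$1.lock" 2>/dev/null
}

release_session_lock() {
    rmdir "$1.lock" 2>/dev/null
}

# Run the caller's command with "-s <session file>" appended (the switch named
# in the thread), e.g.
#   with_session 'http://www.example.com/foo/bar' \
#       python sqlmap.py -u 'http://www.example.com/foo/bar'
with_session() {
    url=$1; shift
    file=$(session_file_for "$url")
    acquire_session_lock "$file" || { echo "already running: $url" >&2; return 1; }
    "$@" -s "$file"; rc=$?
    release_session_lock "$file"
    return "$rc"
}
```

The session directory can be any path with read/write access, as the reply above notes.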
From: Chris O. <chr...@gm...> - 2011-01-19 14:21:28
Thank you Bernardo!