Hi pUm,
On Fri, Aug 7, 2009 at 09:19, pUm <hi...@go...> wrote:
> ...
> bugs:
> 1. encoding %:
> the percent is encoded - really strange. If you put in %25 it will
> encode it to %% and stuff like that. we were not able to inject a %
> only on one parameter.
This is something I will have a closer look at soon.
> 2. postfix/prefix string:
> the postfix string just disappears on some requests (post request)
I can't reproduce this bug. Can you please double check and send me
the exact -v 3 output?
> 3. testing connection
> on POST injection the test connection to the URL is done as a GET
> request, even if you provided --data. This is a bad thing: for us it
> logged out the user after doing a GET request on a POST request ;)
In my tests and from the source code it is clear that if you specify
--data it always goes with the HTTP POST method. Also, I sniffed the
traffic to double check it, and it goes POST from the very first HTTP
request.
> suggested enhancements:
> - define the "random" char that gets injected on a true injection (so
> that it does not become so much more random ;)) - I will write a
> patch for this if I've got some time
What's the benefit?
> - using OR instead of AND, I know, you've got the request way too
> often, but I've actually got again a reason for this to raise it up again
> ;)
> - running time and stacked queries without the AND injection. For
> example, test all stacked query possibilities ...
In the long run the SQL injection detection phase will be done by
parsing a (huge) XML file where the user will be able to define less
or more tests to do, the engine will be then completely rewritten to
parse this XML file.
> thanks for the nice tool. I really enjoy it
Welcome!
Cheers,
--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F
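The "encoding %" point in the report above is the classic double-encoding pitfall: a value that already contains an escape such as %25 gets encoded a second time. The following is an added illustration written for this thread, not code from sqlmap or from either poster; the helper names `encode_once`, `encoded_depth` and `build_query` are my own.

```python
from urllib.parse import quote, unquote


def encode_once(value: str) -> str:
    """Percent-encode a query value exactly once.

    unquote() first so that a caller who already passed %25 does not end up
    with %2525 on the wire; a literal '%' that is not a valid escape is left
    untouched by unquote() and then becomes %25.
    """
    return quote(unquote(value), safe="")


def encoded_depth(value: str) -> int:
    """How many rounds of percent-decoding change the value.

    0 means no escapes at all, 1 is a normally encoded value, 2 or more is
    the tell-tale of double encoding (useful when checking outgoing requests
    or reviewing access logs for oddly encoded parameters).
    """
    depth = 0
    while True:
        decoded = unquote(value)
        if decoded == value:
            return depth
        value = decoded
        depth += 1


def build_query(params: dict[str, str]) -> str:
    """Build a query string where every value is encoded exactly once."""
    return "&".join(f"{quote(k, safe='')}={encode_once(v)}" for k, v in params.items())


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    naive = quote(quote("100%", safe=""), safe="")   # encoded twice by mistake
    print("naive   :", naive, "depth", encoded_depth(naive))
    print("once    :", encode_once("100%"), "depth", encoded_depth(encode_once("100%")))
    print("already :", encode_once("%25"))
    print("query   :", build_query({"discount": "100%", "q": "a b"}))
```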