Thread: [sqlmap-users] Problem with using Webscarab conversations
Brought to you by:
inquisb
Menu
▾
▴
sqlmap-users
|
From: Antonios A. <ant...@gm...> - 2011-01-18 21:04:36
|
Hello to the list, after spidering a site that is vulnerable to SQLi with Webscarab, I fed its conversations directory to sqlmap using the -l option. sqlmap didn't find any SQLi vulnerable. Then, I fed a vulnerable URL to sqlmap with the -u option (which URL was also included in the webscarab conversations and it had also been tested before with sqlmap), and sqlmap did found this time the specific SQLi vulnerability. Has anyone else observed a problem using Webscarab conversations? Is there any tip or trick that I can use in order to solve this problem? Thanks in advance Antonios |
|
From: Miroslav S. <mir...@gm...> - 2011-01-18 21:21:13
|
Hi Antonios. main question is: are you able to reproduce this kind of behavior again? if yes, then sqlmap really has some "bug" and it would be great if you could (maybe privately) provide is with further details from used logs. if no, thing that comes to my mind and that can screw things up is "dynamicity". we've worked hard to make a good comparison/detection engine together with dynamicity removal, but still, pages with lots of garbaged styles/tags/scripts... can screw things up, especially when only a small part of the page is affected by injection itself. hence there are switches like --string and --text-only (removes all tags/scripts/styles and retrieves only pure text) that can do miracles in those kind of cases. KR On Tue, Jan 18, 2011 at 10:04 PM, Antonios Atlasis <ant...@gm...> wrote: > > Hello to the list, > > after spidering a site that is vulnerable to SQLi with Webscarab, I fed its > conversations directory to sqlmap using the -l option. > sqlmap didn't find any SQLi vulnerable. > > Then, I fed a vulnerable URL to sqlmap with the -u option (which URL was > also included in the webscarab conversations and it had also been tested > before with sqlmap), and sqlmap did found this time the specific SQLi > vulnerability. > > Has anyone else observed a problem using Webscarab conversations? Is there > any tip or trick that I can use in order to solve this problem? > > Thanks in advance > > Antonios > > ------------------------------------------------------------------------------ > Protect Your Site and Customers from Malware Attacks > Learn about various malware tactics and how to avoid them. Understand > malware threats, the impact they can have on your business, and how you > can protect your company and customers by using code signing. > http://p.sf.net/sfu/oracle-sfdevnl > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
|
From: Antonios A. <ant...@gm...> - 2011-01-19 20:28:22
|
Hi Miroslav and thanks for your answer, I did reproduce the results a couple of times and you can easily do so. My target is the ctf6 lampsec security (you can downloaded from http://sourceforge.net/projects/lampsecurity/). After a very fast browsing, I crawled the rest of the site using Webscarab. I run the command sqlmap --batch -v 2 -l ../webscarab-logs/conversations/ sqlmap failed to find any sqli. Then I run sqlmap -u http://192.168.163.128/index.php?id=4 (one of the vulnerable urls) and it does find the sqli vulnerability. please let me know if you want me to send you any logs. Regards Antonios 2011/1/18 Miroslav Stampar <mir...@gm...> > Hi Antonios. > > main question is: are you able to reproduce this kind of behavior again? > > if yes, then sqlmap really has some "bug" and it would be great if you > could (maybe privately) provide is with further details from used > logs. > > if no, thing that comes to my mind and that can screw things up is > "dynamicity". we've worked hard to make a good comparison/detection > engine together with dynamicity removal, but still, pages with lots of > garbaged styles/tags/scripts... can screw things up, especially when > only a small part of the page is affected by injection itself. hence > there are switches like --string and --text-only (removes all > tags/scripts/styles and retrieves only pure text) that can do miracles > in those kind of cases. > > KR > > On Tue, Jan 18, 2011 at 10:04 PM, Antonios Atlasis > <ant...@gm...> wrote: > > > > Hello to the list, > > > > after spidering a site that is vulnerable to SQLi with Webscarab, I fed > its > > conversations directory to sqlmap using the -l option. > > sqlmap didn't find any SQLi vulnerable. > > > > Then, I fed a vulnerable URL to sqlmap with the -u option (which URL was > > also included in the webscarab conversations and it had also been tested > > before with sqlmap), and sqlmap did found this time the specific SQLi > > vulnerability. > > > > Has anyone else observed a problem using Webscarab conversations? Is > there > > any tip or trick that I can use in order to solve this problem? > > > > Thanks in advance > > > > Antonios > > > > > ------------------------------------------------------------------------------ > > Protect Your Site and Customers from Malware Attacks > > Learn about various malware tactics and how to avoid them. Understand > > malware threats, the impact they can have on your business, and how you > > can protect your company and customers by using code signing. > > http://p.sf.net/sfu/oracle-sfdevnl > > _______________________________________________ > > sqlmap-users mailing list > > sql...@li... > > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > > > > > -- > Miroslav Stampar > > E-mail / Jabber: miroslav.stampar (at) gmail.com > Mobile: +385921010204 (HR 0921010204) > PGP Key ID: 0xB5397B1B > Location: Zagreb, Croatia > |
|
From: Miroslav S. <mir...@gm...> - 2011-01-19 21:20:07
|
Downloading right now. Will report back. KR On Wed, Jan 19, 2011 at 9:28 PM, Antonios Atlasis <ant...@gm...> wrote: > Hi Miroslav and thanks for your answer, > > I did reproduce the results a couple of times and you can easily do so. > > My target is the ctf6 lampsec security (you can downloaded from > http://sourceforge.net/projects/lampsecurity/). > > After a very fast browsing, I crawled the rest of the site using Webscarab. > > I run the command sqlmap --batch -v 2 -l ../webscarab-logs/conversations/ > > sqlmap failed to find any sqli. > > Then I run sqlmap -u http://192.168.163.128/index.php?id=4 (one of the > vulnerable urls) and it does find the sqli vulnerability. > > please let me know if you want me to send you any logs. > > Regards > > Antonios > > 2011/1/18 Miroslav Stampar <mir...@gm...> >> >> Hi Antonios. >> >> main question is: are you able to reproduce this kind of behavior again? >> >> if yes, then sqlmap really has some "bug" and it would be great if you >> could (maybe privately) provide is with further details from used >> logs. >> >> if no, thing that comes to my mind and that can screw things up is >> "dynamicity". we've worked hard to make a good comparison/detection >> engine together with dynamicity removal, but still, pages with lots of >> garbaged styles/tags/scripts... can screw things up, especially when >> only a small part of the page is affected by injection itself. hence >> there are switches like --string and --text-only (removes all >> tags/scripts/styles and retrieves only pure text) that can do miracles >> in those kind of cases. >> >> KR >> >> On Tue, Jan 18, 2011 at 10:04 PM, Antonios Atlasis >> <ant...@gm...> wrote: >> > >> > Hello to the list, >> > >> > after spidering a site that is vulnerable to SQLi with Webscarab, I fed >> > its >> > conversations directory to sqlmap using the -l option. >> > sqlmap didn't find any SQLi vulnerable. >> > >> > Then, I fed a vulnerable URL to sqlmap with the -u option (which URL was >> > also included in the webscarab conversations and it had also been tested >> > before with sqlmap), and sqlmap did found this time the specific SQLi >> > vulnerability. >> > >> > Has anyone else observed a problem using Webscarab conversations? Is >> > there >> > any tip or trick that I can use in order to solve this problem? >> > >> > Thanks in advance >> > >> > Antonios >> > >> > >> > ------------------------------------------------------------------------------ >> > Protect Your Site and Customers from Malware Attacks >> > Learn about various malware tactics and how to avoid them. Understand >> > malware threats, the impact they can have on your business, and how you >> > can protect your company and customers by using code signing. >> > http://p.sf.net/sfu/oracle-sfdevnl >> > _______________________________________________ >> > sqlmap-users mailing list >> > sql...@li... >> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> > >> > >> >> >> >> -- >> Miroslav Stampar >> >> E-mail / Jabber: miroslav.stampar (at) gmail.com >> Mobile: +385921010204 (HR 0921010204) >> PGP Key ID: 0xB5397B1B >> Location: Zagreb, Croatia > > > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
|
From: Miroslav S. <mir...@gm...> - 2011-01-19 23:59:22
|
LOL we've stated that we support WebScarab logs, while we don't :) thx for reporting. we'll see what we can do. in the mean time you can try to use Burp which logs we should support most definitely. kr On Wed, Jan 19, 2011 at 10:19 PM, Miroslav Stampar <mir...@gm...> wrote: > Downloading right now. Will report back. > > KR > > On Wed, Jan 19, 2011 at 9:28 PM, Antonios Atlasis > <ant...@gm...> wrote: >> Hi Miroslav and thanks for your answer, >> >> I did reproduce the results a couple of times and you can easily do so. >> >> My target is the ctf6 lampsec security (you can downloaded from >> http://sourceforge.net/projects/lampsecurity/). >> >> After a very fast browsing, I crawled the rest of the site using Webscarab. >> >> I run the command sqlmap --batch -v 2 -l ../webscarab-logs/conversations/ >> >> sqlmap failed to find any sqli. >> >> Then I run sqlmap -u http://192.168.163.128/index.php?id=4 (one of the >> vulnerable urls) and it does find the sqli vulnerability. >> >> please let me know if you want me to send you any logs. >> >> Regards >> >> Antonios >> >> 2011/1/18 Miroslav Stampar <mir...@gm...> >>> >>> Hi Antonios. >>> >>> main question is: are you able to reproduce this kind of behavior again? >>> >>> if yes, then sqlmap really has some "bug" and it would be great if you >>> could (maybe privately) provide is with further details from used >>> logs. >>> >>> if no, thing that comes to my mind and that can screw things up is >>> "dynamicity". we've worked hard to make a good comparison/detection >>> engine together with dynamicity removal, but still, pages with lots of >>> garbaged styles/tags/scripts... can screw things up, especially when >>> only a small part of the page is affected by injection itself. hence >>> there are switches like --string and --text-only (removes all >>> tags/scripts/styles and retrieves only pure text) that can do miracles >>> in those kind of cases. >>> >>> KR >>> >>> On Tue, Jan 18, 2011 at 10:04 PM, Antonios Atlasis >>> <ant...@gm...> wrote: >>> > >>> > Hello to the list, >>> > >>> > after spidering a site that is vulnerable to SQLi with Webscarab, I fed >>> > its >>> > conversations directory to sqlmap using the -l option. >>> > sqlmap didn't find any SQLi vulnerable. >>> > >>> > Then, I fed a vulnerable URL to sqlmap with the -u option (which URL was >>> > also included in the webscarab conversations and it had also been tested >>> > before with sqlmap), and sqlmap did found this time the specific SQLi >>> > vulnerability. >>> > >>> > Has anyone else observed a problem using Webscarab conversations? Is >>> > there >>> > any tip or trick that I can use in order to solve this problem? >>> > >>> > Thanks in advance >>> > >>> > Antonios >>> > >>> > >>> > ------------------------------------------------------------------------------ >>> > Protect Your Site and Customers from Malware Attacks >>> > Learn about various malware tactics and how to avoid them. Understand >>> > malware threats, the impact they can have on your business, and how you >>> > can protect your company and customers by using code signing. >>> > http://p.sf.net/sfu/oracle-sfdevnl >>> > _______________________________________________ >>> > sqlmap-users mailing list >>> > sql...@li... >>> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>> > >>> > >>> >>> >>> >>> -- >>> Miroslav Stampar >>> >>> E-mail / Jabber: miroslav.stampar (at) gmail.com >>> Mobile: +385921010204 (HR 0921010204) >>> PGP Key ID: 0xB5397B1B >>> Location: Zagreb, Croatia >> >> >> > > > > -- > Miroslav Stampar > > E-mail / Jabber: miroslav.stampar (at) gmail.com > Mobile: +385921010204 (HR 0921010204) > PGP Key ID: 0xB5397B1B > Location: Zagreb, Croatia > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
|
From: Antonios A. <ant...@gm...> - 2011-01-20 11:22:25
|
Thanks for your reply. The problem is that the free version of Burpsuite does not allow to save the spidering results; this is why I rely on webscarab. Thanks again Antonios . 2011/1/20 Miroslav Stampar <mir...@gm...> > LOL > > we've stated that we support WebScarab logs, while we don't :) > > thx for reporting. > > we'll see what we can do. in the mean time you can try to use Burp > which logs we should support most definitely. > > kr > > On Wed, Jan 19, 2011 at 10:19 PM, Miroslav Stampar > <mir...@gm...> wrote: > > Downloading right now. Will report back. > > > > KR > > > > On Wed, Jan 19, 2011 at 9:28 PM, Antonios Atlasis > > <ant...@gm...> wrote: > >> Hi Miroslav and thanks for your answer, > >> > >> I did reproduce the results a couple of times and you can easily do so. > >> > >> My target is the ctf6 lampsec security (you can downloaded from > >> http://sourceforge.net/projects/lampsecurity/). > >> > >> After a very fast browsing, I crawled the rest of the site using > Webscarab. > >> > >> I run the command sqlmap --batch -v 2 -l > ../webscarab-logs/conversations/ > >> > >> sqlmap failed to find any sqli. > >> > >> Then I run sqlmap -u http://192.168.163.128/index.php?id=4 (one of > the > >> vulnerable urls) and it does find the sqli vulnerability. > >> > >> please let me know if you want me to send you any logs. > >> > >> Regards > >> > >> Antonios > >> > >> 2011/1/18 Miroslav Stampar <mir...@gm...> > >>> > >>> Hi Antonios. > >>> > >>> main question is: are you able to reproduce this kind of behavior > again? > >>> > >>> if yes, then sqlmap really has some "bug" and it would be great if you > >>> could (maybe privately) provide is with further details from used > >>> logs. > >>> > >>> if no, thing that comes to my mind and that can screw things up is > >>> "dynamicity". we've worked hard to make a good comparison/detection > >>> engine together with dynamicity removal, but still, pages with lots of > >>> garbaged styles/tags/scripts... can screw things up, especially when > >>> only a small part of the page is affected by injection itself. hence > >>> there are switches like --string and --text-only (removes all > >>> tags/scripts/styles and retrieves only pure text) that can do miracles > >>> in those kind of cases. > >>> > >>> KR > >>> > >>> On Tue, Jan 18, 2011 at 10:04 PM, Antonios Atlasis > >>> <ant...@gm...> wrote: > >>> > > >>> > Hello to the list, > >>> > > >>> > after spidering a site that is vulnerable to SQLi with Webscarab, I > fed > >>> > its > >>> > conversations directory to sqlmap using the -l option. > >>> > sqlmap didn't find any SQLi vulnerable. > >>> > > >>> > Then, I fed a vulnerable URL to sqlmap with the -u option (which URL > was > >>> > also included in the webscarab conversations and it had also been > tested > >>> > before with sqlmap), and sqlmap did found this time the specific SQLi > >>> > vulnerability. > >>> > > >>> > Has anyone else observed a problem using Webscarab conversations? Is > >>> > there > >>> > any tip or trick that I can use in order to solve this problem? > >>> > > >>> > Thanks in advance > >>> > > >>> > Antonios > >>> > > >>> > > >>> > > ------------------------------------------------------------------------------ > >>> > Protect Your Site and Customers from Malware Attacks > >>> > Learn about various malware tactics and how to avoid them. Understand > >>> > malware threats, the impact they can have on your business, and how > you > >>> > can protect your company and customers by using code signing. > >>> > http://p.sf.net/sfu/oracle-sfdevnl > >>> > _______________________________________________ > >>> > sqlmap-users mailing list > >>> > sql...@li... > >>> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > >>> > > >>> > > >>> > >>> > >>> > >>> -- > >>> Miroslav Stampar > >>> > >>> E-mail / Jabber: miroslav.stampar (at) gmail.com > >>> Mobile: +385921010204 (HR 0921010204) > >>> PGP Key ID: 0xB5397B1B > >>> Location: Zagreb, Croatia > >> > >> > >> > > > > > > > > -- > > Miroslav Stampar > > > > E-mail / Jabber: miroslav.stampar (at) gmail.com > > Mobile: +385921010204 (HR 0921010204) > > PGP Key ID: 0xB5397B1B > > Location: Zagreb, Croatia > > > > > > -- > Miroslav Stampar > > E-mail / Jabber: miroslav.stampar (at) gmail.com > Mobile: +385921010204 (HR 0921010204) > PGP Key ID: 0xB5397B1B > Location: Zagreb, Croatia > |
|
From: Miroslav S. <mir...@gm...> - 2011-01-20 11:32:34
|
hi Antonios. no worry. gonna fix it probably today. kr On Thu, Jan 20, 2011 at 12:22 PM, Antonios Atlasis <ant...@gm...> wrote: > Thanks for your reply. > > The problem is that the free version of Burpsuite does not allow to save the > spidering results; this is why I rely on webscarab. > > Thanks again > > Antonios > . > 2011/1/20 Miroslav Stampar <mir...@gm...> >> >> LOL >> >> we've stated that we support WebScarab logs, while we don't :) >> >> thx for reporting. >> >> we'll see what we can do. in the mean time you can try to use Burp >> which logs we should support most definitely. >> >> kr >> >> On Wed, Jan 19, 2011 at 10:19 PM, Miroslav Stampar >> <mir...@gm...> wrote: >> > Downloading right now. Will report back. >> > >> > KR >> > >> > On Wed, Jan 19, 2011 at 9:28 PM, Antonios Atlasis >> > <ant...@gm...> wrote: >> >> Hi Miroslav and thanks for your answer, >> >> >> >> I did reproduce the results a couple of times and you can easily do so. >> >> >> >> My target is the ctf6 lampsec security (you can downloaded from >> >> http://sourceforge.net/projects/lampsecurity/). >> >> >> >> After a very fast browsing, I crawled the rest of the site using >> >> Webscarab. >> >> >> >> I run the command sqlmap --batch -v 2 -l >> >> ../webscarab-logs/conversations/ >> >> >> >> sqlmap failed to find any sqli. >> >> >> >> Then I run sqlmap -u http://192.168.163.128/index.php?id=4 (one of >> >> the >> >> vulnerable urls) and it does find the sqli vulnerability. >> >> >> >> please let me know if you want me to send you any logs. >> >> >> >> Regards >> >> >> >> Antonios >> >> >> >> 2011/1/18 Miroslav Stampar <mir...@gm...> >> >>> >> >>> Hi Antonios. >> >>> >> >>> main question is: are you able to reproduce this kind of behavior >> >>> again? >> >>> >> >>> if yes, then sqlmap really has some "bug" and it would be great if you >> >>> could (maybe privately) provide is with further details from used >> >>> logs. >> >>> >> >>> if no, thing that comes to my mind and that can screw things up is >> >>> "dynamicity". we've worked hard to make a good comparison/detection >> >>> engine together with dynamicity removal, but still, pages with lots of >> >>> garbaged styles/tags/scripts... can screw things up, especially when >> >>> only a small part of the page is affected by injection itself. hence >> >>> there are switches like --string and --text-only (removes all >> >>> tags/scripts/styles and retrieves only pure text) that can do miracles >> >>> in those kind of cases. >> >>> >> >>> KR >> >>> >> >>> On Tue, Jan 18, 2011 at 10:04 PM, Antonios Atlasis >> >>> <ant...@gm...> wrote: >> >>> > >> >>> > Hello to the list, >> >>> > >> >>> > after spidering a site that is vulnerable to SQLi with Webscarab, I >> >>> > fed >> >>> > its >> >>> > conversations directory to sqlmap using the -l option. >> >>> > sqlmap didn't find any SQLi vulnerable. >> >>> > >> >>> > Then, I fed a vulnerable URL to sqlmap with the -u option (which URL >> >>> > was >> >>> > also included in the webscarab conversations and it had also been >> >>> > tested >> >>> > before with sqlmap), and sqlmap did found this time the specific >> >>> > SQLi >> >>> > vulnerability. >> >>> > >> >>> > Has anyone else observed a problem using Webscarab conversations? Is >> >>> > there >> >>> > any tip or trick that I can use in order to solve this problem? >> >>> > >> >>> > Thanks in advance >> >>> > >> >>> > Antonios >> >>> > >> >>> > >> >>> > >> >>> > ------------------------------------------------------------------------------ >> >>> > Protect Your Site and Customers from Malware Attacks >> >>> > Learn about various malware tactics and how to avoid them. >> >>> > Understand >> >>> > malware threats, the impact they can have on your business, and how >> >>> > you >> >>> > can protect your company and customers by using code signing. >> >>> > http://p.sf.net/sfu/oracle-sfdevnl >> >>> > _______________________________________________ >> >>> > sqlmap-users mailing list >> >>> > sql...@li... >> >>> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >>> > >> >>> > >> >>> >> >>> >> >>> >> >>> -- >> >>> Miroslav Stampar >> >>> >> >>> E-mail / Jabber: miroslav.stampar (at) gmail.com >> >>> Mobile: +385921010204 (HR 0921010204) >> >>> PGP Key ID: 0xB5397B1B >> >>> Location: Zagreb, Croatia >> >> >> >> >> >> >> > >> > >> > >> > -- >> > Miroslav Stampar >> > >> > E-mail / Jabber: miroslav.stampar (at) gmail.com >> > Mobile: +385921010204 (HR 0921010204) >> > PGP Key ID: 0xB5397B1B >> > Location: Zagreb, Croatia >> > >> >> >> >> -- >> Miroslav Stampar >> >> E-mail / Jabber: miroslav.stampar (at) gmail.com >> Mobile: +385921010204 (HR 0921010204) >> PGP Key ID: 0xB5397B1B >> Location: Zagreb, Croatia > > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
|
From: Miroslav S. <mir...@gm...> - 2011-01-20 15:58:04
|
hi. with last commit you can find support for WebScarab log files. if you find any "problems" related please report. only one warning: you won't be able to process POST requests as WebScarab "smartly" stores their bodies in separate files. kr On Thu, Jan 20, 2011 at 12:32 PM, Miroslav Stampar <mir...@gm...> wrote: > hi Antonios. > > no worry. gonna fix it probably today. > > kr > > On Thu, Jan 20, 2011 at 12:22 PM, Antonios Atlasis > <ant...@gm...> wrote: >> Thanks for your reply. >> >> The problem is that the free version of Burpsuite does not allow to save the >> spidering results; this is why I rely on webscarab. >> >> Thanks again >> >> Antonios >> . >> 2011/1/20 Miroslav Stampar <mir...@gm...> >>> >>> LOL >>> >>> we've stated that we support WebScarab logs, while we don't :) >>> >>> thx for reporting. >>> >>> we'll see what we can do. in the mean time you can try to use Burp >>> which logs we should support most definitely. >>> >>> kr >>> >>> On Wed, Jan 19, 2011 at 10:19 PM, Miroslav Stampar >>> <mir...@gm...> wrote: >>> > Downloading right now. Will report back. >>> > >>> > KR >>> > >>> > On Wed, Jan 19, 2011 at 9:28 PM, Antonios Atlasis >>> > <ant...@gm...> wrote: >>> >> Hi Miroslav and thanks for your answer, >>> >> >>> >> I did reproduce the results a couple of times and you can easily do so. >>> >> >>> >> My target is the ctf6 lampsec security (you can downloaded from >>> >> http://sourceforge.net/projects/lampsecurity/). >>> >> >>> >> After a very fast browsing, I crawled the rest of the site using >>> >> Webscarab. >>> >> >>> >> I run the command sqlmap --batch -v 2 -l >>> >> ../webscarab-logs/conversations/ >>> >> >>> >> sqlmap failed to find any sqli. >>> >> >>> >> Then I run sqlmap -u http://192.168.163.128/index.php?id=4 (one of >>> >> the >>> >> vulnerable urls) and it does find the sqli vulnerability. >>> >> >>> >> please let me know if you want me to send you any logs. >>> >> >>> >> Regards >>> >> >>> >> Antonios >>> >> >>> >> 2011/1/18 Miroslav Stampar <mir...@gm...> >>> >>> >>> >>> Hi Antonios. >>> >>> >>> >>> main question is: are you able to reproduce this kind of behavior >>> >>> again? >>> >>> >>> >>> if yes, then sqlmap really has some "bug" and it would be great if you >>> >>> could (maybe privately) provide is with further details from used >>> >>> logs. >>> >>> >>> >>> if no, thing that comes to my mind and that can screw things up is >>> >>> "dynamicity". we've worked hard to make a good comparison/detection >>> >>> engine together with dynamicity removal, but still, pages with lots of >>> >>> garbaged styles/tags/scripts... can screw things up, especially when >>> >>> only a small part of the page is affected by injection itself. hence >>> >>> there are switches like --string and --text-only (removes all >>> >>> tags/scripts/styles and retrieves only pure text) that can do miracles >>> >>> in those kind of cases. >>> >>> >>> >>> KR >>> >>> >>> >>> On Tue, Jan 18, 2011 at 10:04 PM, Antonios Atlasis >>> >>> <ant...@gm...> wrote: >>> >>> > >>> >>> > Hello to the list, >>> >>> > >>> >>> > after spidering a site that is vulnerable to SQLi with Webscarab, I >>> >>> > fed >>> >>> > its >>> >>> > conversations directory to sqlmap using the -l option. >>> >>> > sqlmap didn't find any SQLi vulnerable. >>> >>> > >>> >>> > Then, I fed a vulnerable URL to sqlmap with the -u option (which URL >>> >>> > was >>> >>> > also included in the webscarab conversations and it had also been >>> >>> > tested >>> >>> > before with sqlmap), and sqlmap did found this time the specific >>> >>> > SQLi >>> >>> > vulnerability. >>> >>> > >>> >>> > Has anyone else observed a problem using Webscarab conversations? Is >>> >>> > there >>> >>> > any tip or trick that I can use in order to solve this problem? >>> >>> > >>> >>> > Thanks in advance >>> >>> > >>> >>> > Antonios >>> >>> > >>> >>> > >>> >>> > >>> >>> > ------------------------------------------------------------------------------ >>> >>> > Protect Your Site and Customers from Malware Attacks >>> >>> > Learn about various malware tactics and how to avoid them. >>> >>> > Understand >>> >>> > malware threats, the impact they can have on your business, and how >>> >>> > you >>> >>> > can protect your company and customers by using code signing. >>> >>> > http://p.sf.net/sfu/oracle-sfdevnl >>> >>> > _______________________________________________ >>> >>> > sqlmap-users mailing list >>> >>> > sql...@li... >>> >>> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>> >>> > >>> >>> > >>> >>> >>> >>> >>> >>> >>> >>> -- >>> >>> Miroslav Stampar >>> >>> >>> >>> E-mail / Jabber: miroslav.stampar (at) gmail.com >>> >>> Mobile: +385921010204 (HR 0921010204) >>> >>> PGP Key ID: 0xB5397B1B >>> >>> Location: Zagreb, Croatia >>> >> >>> >> >>> >> >>> > >>> > >>> > >>> > -- >>> > Miroslav Stampar >>> > >>> > E-mail / Jabber: miroslav.stampar (at) gmail.com >>> > Mobile: +385921010204 (HR 0921010204) >>> > PGP Key ID: 0xB5397B1B >>> > Location: Zagreb, Croatia >>> > >>> >>> >>> >>> -- >>> Miroslav Stampar >>> >>> E-mail / Jabber: miroslav.stampar (at) gmail.com >>> Mobile: +385921010204 (HR 0921010204) >>> PGP Key ID: 0xB5397B1B >>> Location: Zagreb, Croatia >> >> > > > > -- > Miroslav Stampar > > E-mail / Jabber: miroslav.stampar (at) gmail.com > Mobile: +385921010204 (HR 0921010204) > PGP Key ID: 0xB5397B1B > Location: Zagreb, Croatia > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
|
From: Miroslav S. <mir...@gm...> - 2011-01-20 16:16:30
|
...nevertheless you can use -r to load them individually (e.g. ./sqlmap.py -r "./logdirectory/conversations/10-request") kr On Thu, Jan 20, 2011 at 4:57 PM, Miroslav Stampar <mir...@gm...> wrote: > hi. > > with last commit you can find support for WebScarab log files. if you > find any "problems" related please report. > > only one warning: you won't be able to process POST requests as > WebScarab "smartly" stores their bodies in separate files. > > kr > > On Thu, Jan 20, 2011 at 12:32 PM, Miroslav Stampar > <mir...@gm...> wrote: >> hi Antonios. >> >> no worry. gonna fix it probably today. >> >> kr >> >> On Thu, Jan 20, 2011 at 12:22 PM, Antonios Atlasis >> <ant...@gm...> wrote: >>> Thanks for your reply. >>> >>> The problem is that the free version of Burpsuite does not allow to save the >>> spidering results; this is why I rely on webscarab. >>> >>> Thanks again >>> >>> Antonios >>> . >>> 2011/1/20 Miroslav Stampar <mir...@gm...> >>>> >>>> LOL >>>> >>>> we've stated that we support WebScarab logs, while we don't :) >>>> >>>> thx for reporting. >>>> >>>> we'll see what we can do. in the mean time you can try to use Burp >>>> which logs we should support most definitely. >>>> >>>> kr >>>> >>>> On Wed, Jan 19, 2011 at 10:19 PM, Miroslav Stampar >>>> <mir...@gm...> wrote: >>>> > Downloading right now. Will report back. >>>> > >>>> > KR >>>> > >>>> > On Wed, Jan 19, 2011 at 9:28 PM, Antonios Atlasis >>>> > <ant...@gm...> wrote: >>>> >> Hi Miroslav and thanks for your answer, >>>> >> >>>> >> I did reproduce the results a couple of times and you can easily do so. >>>> >> >>>> >> My target is the ctf6 lampsec security (you can downloaded from >>>> >> http://sourceforge.net/projects/lampsecurity/). >>>> >> >>>> >> After a very fast browsing, I crawled the rest of the site using >>>> >> Webscarab. >>>> >> >>>> >> I run the command sqlmap --batch -v 2 -l >>>> >> ../webscarab-logs/conversations/ >>>> >> >>>> >> sqlmap failed to find any sqli. >>>> >> >>>> >> Then I run sqlmap -u http://192.168.163.128/index.php?id=4 (one of >>>> >> the >>>> >> vulnerable urls) and it does find the sqli vulnerability. >>>> >> >>>> >> please let me know if you want me to send you any logs. >>>> >> >>>> >> Regards >>>> >> >>>> >> Antonios >>>> >> >>>> >> 2011/1/18 Miroslav Stampar <mir...@gm...> >>>> >>> >>>> >>> Hi Antonios. >>>> >>> >>>> >>> main question is: are you able to reproduce this kind of behavior >>>> >>> again? >>>> >>> >>>> >>> if yes, then sqlmap really has some "bug" and it would be great if you >>>> >>> could (maybe privately) provide is with further details from used >>>> >>> logs. >>>> >>> >>>> >>> if no, thing that comes to my mind and that can screw things up is >>>> >>> "dynamicity". we've worked hard to make a good comparison/detection >>>> >>> engine together with dynamicity removal, but still, pages with lots of >>>> >>> garbaged styles/tags/scripts... can screw things up, especially when >>>> >>> only a small part of the page is affected by injection itself. hence >>>> >>> there are switches like --string and --text-only (removes all >>>> >>> tags/scripts/styles and retrieves only pure text) that can do miracles >>>> >>> in those kind of cases. >>>> >>> >>>> >>> KR >>>> >>> >>>> >>> On Tue, Jan 18, 2011 at 10:04 PM, Antonios Atlasis >>>> >>> <ant...@gm...> wrote: >>>> >>> > >>>> >>> > Hello to the list, >>>> >>> > >>>> >>> > after spidering a site that is vulnerable to SQLi with Webscarab, I >>>> >>> > fed >>>> >>> > its >>>> >>> > conversations directory to sqlmap using the -l option. >>>> >>> > sqlmap didn't find any SQLi vulnerable. >>>> >>> > >>>> >>> > Then, I fed a vulnerable URL to sqlmap with the -u option (which URL >>>> >>> > was >>>> >>> > also included in the webscarab conversations and it had also been >>>> >>> > tested >>>> >>> > before with sqlmap), and sqlmap did found this time the specific >>>> >>> > SQLi >>>> >>> > vulnerability. >>>> >>> > >>>> >>> > Has anyone else observed a problem using Webscarab conversations? Is >>>> >>> > there >>>> >>> > any tip or trick that I can use in order to solve this problem? >>>> >>> > >>>> >>> > Thanks in advance >>>> >>> > >>>> >>> > Antonios >>>> >>> > >>>> >>> > >>>> >>> > >>>> >>> > ------------------------------------------------------------------------------ >>>> >>> > Protect Your Site and Customers from Malware Attacks >>>> >>> > Learn about various malware tactics and how to avoid them. >>>> >>> > Understand >>>> >>> > malware threats, the impact they can have on your business, and how >>>> >>> > you >>>> >>> > can protect your company and customers by using code signing. >>>> >>> > http://p.sf.net/sfu/oracle-sfdevnl >>>> >>> > _______________________________________________ >>>> >>> > sqlmap-users mailing list >>>> >>> > sql...@li... >>>> >>> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>>> >>> > >>>> >>> > >>>> >>> >>>> >>> >>>> >>> >>>> >>> -- >>>> >>> Miroslav Stampar >>>> >>> >>>> >>> E-mail / Jabber: miroslav.stampar (at) gmail.com >>>> >>> Mobile: +385921010204 (HR 0921010204) >>>> >>> PGP Key ID: 0xB5397B1B >>>> >>> Location: Zagreb, Croatia >>>> >> >>>> >> >>>> >> >>>> > >>>> > >>>> > >>>> > -- >>>> > Miroslav Stampar >>>> > >>>> > E-mail / Jabber: miroslav.stampar (at) gmail.com >>>> > Mobile: +385921010204 (HR 0921010204) >>>> > PGP Key ID: 0xB5397B1B >>>> > Location: Zagreb, Croatia >>>> > >>>> >>>> >>>> >>>> -- >>>> Miroslav Stampar >>>> >>>> E-mail / Jabber: miroslav.stampar (at) gmail.com >>>> Mobile: +385921010204 (HR 0921010204) >>>> PGP Key ID: 0xB5397B1B >>>> Location: Zagreb, Croatia >>> >>> >> >> >> >> -- >> Miroslav Stampar >> >> E-mail / Jabber: miroslav.stampar (at) gmail.com >> Mobile: +385921010204 (HR 0921010204) >> PGP Key ID: 0xB5397B1B >> Location: Zagreb, Croatia >> > > > > -- > Miroslav Stampar > > E-mail / Jabber: miroslav.stampar (at) gmail.com > Mobile: +385921010204 (HR 0921010204) > PGP Key ID: 0xB5397B1B > Location: Zagreb, Croatia > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
|
From: Antonios A. <ant...@gm...> - 2011-01-30 20:13:47
|
Hi Miroslav, first of all, please let me apologize for my late response. I downloaded the latest svn tonight and I tested against webscarab conversation using the batch mode. It does seem to process them but it does not detect the existing SQLi. Please let me know if you want any further information. Antonios 2011/1/20 Miroslav Stampar <mir...@gm...> > hi. > > with last commit you can find support for WebScarab log files. if you > find any "problems" related please report. > > only one warning: you won't be able to process POST requests as > WebScarab "smartly" stores their bodies in separate files. > > kr > > On Thu, Jan 20, 2011 at 12:32 PM, Miroslav Stampar > <mir...@gm...> wrote: > > hi Antonios. > > > > no worry. gonna fix it probably today. > > > > kr > > > > On Thu, Jan 20, 2011 at 12:22 PM, Antonios Atlasis > > <ant...@gm...> wrote: > >> Thanks for your reply. > >> > >> The problem is that the free version of Burpsuite does not allow to save > the > >> spidering results; this is why I rely on webscarab. > >> > >> Thanks again > >> > >> Antonios > >> . > >> 2011/1/20 Miroslav Stampar <mir...@gm...> > >>> > >>> LOL > >>> > >>> we've stated that we support WebScarab logs, while we don't :) > >>> > >>> thx for reporting. > >>> > >>> we'll see what we can do. in the mean time you can try to use Burp > >>> which logs we should support most definitely. > >>> > >>> kr > >>> > >>> On Wed, Jan 19, 2011 at 10:19 PM, Miroslav Stampar > >>> <mir...@gm...> wrote: > >>> > Downloading right now. Will report back. > >>> > > >>> > KR > >>> > > >>> > On Wed, Jan 19, 2011 at 9:28 PM, Antonios Atlasis > >>> > <ant...@gm...> wrote: > >>> >> Hi Miroslav and thanks for your answer, > >>> >> > >>> >> I did reproduce the results a couple of times and you can easily do > so. > >>> >> > >>> >> My target is the ctf6 lampsec security (you can downloaded from > >>> >> http://sourceforge.net/projects/lampsecurity/). > >>> >> > >>> >> After a very fast browsing, I crawled the rest of the site using > >>> >> Webscarab. > >>> >> > >>> >> I run the command sqlmap --batch -v 2 -l > >>> >> ../webscarab-logs/conversations/ > >>> >> > >>> >> sqlmap failed to find any sqli. > >>> >> > >>> >> Then I run sqlmap -u http://192.168.163.128/index.php?id=4 (one > of > >>> >> the > >>> >> vulnerable urls) and it does find the sqli vulnerability. > >>> >> > >>> >> please let me know if you want me to send you any logs. > >>> >> > >>> >> Regards > >>> >> > >>> >> Antonios > >>> >> > >>> >> 2011/1/18 Miroslav Stampar <mir...@gm...> > >>> >>> > >>> >>> Hi Antonios. > >>> >>> > >>> >>> main question is: are you able to reproduce this kind of behavior > >>> >>> again? > >>> >>> > >>> >>> if yes, then sqlmap really has some "bug" and it would be great if > you > >>> >>> could (maybe privately) provide is with further details from used > >>> >>> logs. > >>> >>> > >>> >>> if no, thing that comes to my mind and that can screw things up is > >>> >>> "dynamicity". we've worked hard to make a good comparison/detection > >>> >>> engine together with dynamicity removal, but still, pages with lots > of > >>> >>> garbaged styles/tags/scripts... can screw things up, especially > when > >>> >>> only a small part of the page is affected by injection itself. > hence > >>> >>> there are switches like --string and --text-only (removes all > >>> >>> tags/scripts/styles and retrieves only pure text) that can do > miracles > >>> >>> in those kind of cases. > >>> >>> > >>> >>> KR > >>> >>> > >>> >>> On Tue, Jan 18, 2011 at 10:04 PM, Antonios Atlasis > >>> >>> <ant...@gm...> wrote: > >>> >>> > > >>> >>> > Hello to the list, > >>> >>> > > >>> >>> > after spidering a site that is vulnerable to SQLi with Webscarab, > I > >>> >>> > fed > >>> >>> > its > >>> >>> > conversations directory to sqlmap using the -l option. > >>> >>> > sqlmap didn't find any SQLi vulnerable. > >>> >>> > > >>> >>> > Then, I fed a vulnerable URL to sqlmap with the -u option (which > URL > >>> >>> > was > >>> >>> > also included in the webscarab conversations and it had also been > >>> >>> > tested > >>> >>> > before with sqlmap), and sqlmap did found this time the specific > >>> >>> > SQLi > >>> >>> > vulnerability. > >>> >>> > > >>> >>> > Has anyone else observed a problem using Webscarab conversations? > Is > >>> >>> > there > >>> >>> > any tip or trick that I can use in order to solve this problem? > >>> >>> > > >>> >>> > Thanks in advance > >>> >>> > > >>> >>> > Antonios > >>> >>> > > >>> >>> > > >>> >>> > > >>> >>> > > ------------------------------------------------------------------------------ > >>> >>> > Protect Your Site and Customers from Malware Attacks > >>> >>> > Learn about various malware tactics and how to avoid them. > >>> >>> > Understand > >>> >>> > malware threats, the impact they can have on your business, and > how > >>> >>> > you > >>> >>> > can protect your company and customers by using code signing. > >>> >>> > http://p.sf.net/sfu/oracle-sfdevnl > >>> >>> > _______________________________________________ > >>> >>> > sqlmap-users mailing list > >>> >>> > sql...@li... > >>> >>> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > >>> >>> > > >>> >>> > > >>> >>> > >>> >>> > >>> >>> > >>> >>> -- > >>> >>> Miroslav Stampar > >>> >>> > >>> >>> E-mail / Jabber: miroslav.stampar (at) gmail.com > >>> >>> Mobile: +385921010204 (HR 0921010204) > >>> >>> PGP Key ID: 0xB5397B1B > >>> >>> Location: Zagreb, Croatia > >>> >> > >>> >> > >>> >> > >>> > > >>> > > >>> > > >>> > -- > >>> > Miroslav Stampar > >>> > > >>> > E-mail / Jabber: miroslav.stampar (at) gmail.com > >>> > Mobile: +385921010204 (HR 0921010204) > >>> > PGP Key ID: 0xB5397B1B > >>> > Location: Zagreb, Croatia > >>> > > >>> > >>> > >>> > >>> -- > >>> Miroslav Stampar > >>> > >>> E-mail / Jabber: miroslav.stampar (at) gmail.com > >>> Mobile: +385921010204 (HR 0921010204) > >>> PGP Key ID: 0xB5397B1B > >>> Location: Zagreb, Croatia > >> > >> > > > > > > > > -- > > Miroslav Stampar > > > > E-mail / Jabber: miroslav.stampar (at) gmail.com > > Mobile: +385921010204 (HR 0921010204) > > PGP Key ID: 0xB5397B1B > > Location: Zagreb, Croatia > > > > > > -- > Miroslav Stampar > > E-mail / Jabber: miroslav.stampar (at) gmail.com > Mobile: +385921010204 (HR 0921010204) > PGP Key ID: 0xB5397B1B > Location: Zagreb, Croatia > -- |
|
From: Miroslav S. <mir...@gm...> - 2011-01-31 09:35:23
|
Hi. Are you positive that the site is injectable? Have you tried to exploit it manually? You can try to use advanced payloads with switches --level (e.g. 3) and --risk (e.g. 3). If you need help you can contact me privately. KR On Sun, Jan 30, 2011 at 9:13 PM, Antonios Atlasis <ant...@gm...> wrote: > Hi Miroslav, > > first of all, please let me apologize for my late response. > > I downloaded the latest svn tonight and I tested against webscarab > conversation using the batch mode. It does seem to process them but it does > not detect the existing SQLi. > > Please let me know if you want any further information. > > Antonios > > 2011/1/20 Miroslav Stampar <mir...@gm...> >> >> hi. >> >> with last commit you can find support for WebScarab log files. if you >> find any "problems" related please report. >> >> only one warning: you won't be able to process POST requests as >> WebScarab "smartly" stores their bodies in separate files. >> >> kr >> >> On Thu, Jan 20, 2011 at 12:32 PM, Miroslav Stampar >> <mir...@gm...> wrote: >> > hi Antonios. >> > >> > no worry. gonna fix it probably today. >> > >> > kr >> > >> > On Thu, Jan 20, 2011 at 12:22 PM, Antonios Atlasis >> > <ant...@gm...> wrote: >> >> Thanks for your reply. >> >> >> >> The problem is that the free version of Burpsuite does not allow to >> >> save the >> >> spidering results; this is why I rely on webscarab. >> >> >> >> Thanks again >> >> >> >> Antonios >> >> . >> >> 2011/1/20 Miroslav Stampar <mir...@gm...> >> >>> >> >>> LOL >> >>> >> >>> we've stated that we support WebScarab logs, while we don't :) >> >>> >> >>> thx for reporting. >> >>> >> >>> we'll see what we can do. in the mean time you can try to use Burp >> >>> which logs we should support most definitely. >> >>> >> >>> kr >> >>> >> >>> On Wed, Jan 19, 2011 at 10:19 PM, Miroslav Stampar >> >>> <mir...@gm...> wrote: >> >>> > Downloading right now. Will report back. >> >>> > >> >>> > KR >> >>> > >> >>> > On Wed, Jan 19, 2011 at 9:28 PM, Antonios Atlasis >> >>> > <ant...@gm...> wrote: >> >>> >> Hi Miroslav and thanks for your answer, >> >>> >> >> >>> >> I did reproduce the results a couple of times and you can easily do >> >>> >> so. >> >>> >> >> >>> >> My target is the ctf6 lampsec security (you can downloaded from >> >>> >> http://sourceforge.net/projects/lampsecurity/). >> >>> >> >> >>> >> After a very fast browsing, I crawled the rest of the site using >> >>> >> Webscarab. >> >>> >> >> >>> >> I run the command sqlmap --batch -v 2 -l >> >>> >> ../webscarab-logs/conversations/ >> >>> >> >> >>> >> sqlmap failed to find any sqli. >> >>> >> >> >>> >> Then I run sqlmap -u http://192.168.163.128/index.php?id=4 (one >> >>> >> of >> >>> >> the >> >>> >> vulnerable urls) and it does find the sqli vulnerability. >> >>> >> >> >>> >> please let me know if you want me to send you any logs. >> >>> >> >> >>> >> Regards >> >>> >> >> >>> >> Antonios >> >>> >> >> >>> >> 2011/1/18 Miroslav Stampar <mir...@gm...> >> >>> >>> >> >>> >>> Hi Antonios. >> >>> >>> >> >>> >>> main question is: are you able to reproduce this kind of behavior >> >>> >>> again? >> >>> >>> >> >>> >>> if yes, then sqlmap really has some "bug" and it would be great if >> >>> >>> you >> >>> >>> could (maybe privately) provide is with further details from used >> >>> >>> logs. >> >>> >>> >> >>> >>> if no, thing that comes to my mind and that can screw things up is >> >>> >>> "dynamicity". we've worked hard to make a good >> >>> >>> comparison/detection >> >>> >>> engine together with dynamicity removal, but still, pages with >> >>> >>> lots of >> >>> >>> garbaged styles/tags/scripts... can screw things up, especially >> >>> >>> when >> >>> >>> only a small part of the page is affected by injection itself. >> >>> >>> hence >> >>> >>> there are switches like --string and --text-only (removes all >> >>> >>> tags/scripts/styles and retrieves only pure text) that can do >> >>> >>> miracles >> >>> >>> in those kind of cases. >> >>> >>> >> >>> >>> KR >> >>> >>> >> >>> >>> On Tue, Jan 18, 2011 at 10:04 PM, Antonios Atlasis >> >>> >>> <ant...@gm...> wrote: >> >>> >>> > >> >>> >>> > Hello to the list, >> >>> >>> > >> >>> >>> > after spidering a site that is vulnerable to SQLi with >> >>> >>> > Webscarab, I >> >>> >>> > fed >> >>> >>> > its >> >>> >>> > conversations directory to sqlmap using the -l option. >> >>> >>> > sqlmap didn't find any SQLi vulnerable. >> >>> >>> > >> >>> >>> > Then, I fed a vulnerable URL to sqlmap with the -u option (which >> >>> >>> > URL >> >>> >>> > was >> >>> >>> > also included in the webscarab conversations and it had also >> >>> >>> > been >> >>> >>> > tested >> >>> >>> > before with sqlmap), and sqlmap did found this time the specific >> >>> >>> > SQLi >> >>> >>> > vulnerability. >> >>> >>> > >> >>> >>> > Has anyone else observed a problem using Webscarab >> >>> >>> > conversations? Is >> >>> >>> > there >> >>> >>> > any tip or trick that I can use in order to solve this problem? >> >>> >>> > >> >>> >>> > Thanks in advance >> >>> >>> > >> >>> >>> > Antonios >> >>> >>> > >> >>> >>> > >> >>> >>> > >> >>> >>> > >> >>> >>> > ------------------------------------------------------------------------------ >> >>> >>> > Protect Your Site and Customers from Malware Attacks >> >>> >>> > Learn about various malware tactics and how to avoid them. >> >>> >>> > Understand >> >>> >>> > malware threats, the impact they can have on your business, and >> >>> >>> > how >> >>> >>> > you >> >>> >>> > can protect your company and customers by using code signing. >> >>> >>> > http://p.sf.net/sfu/oracle-sfdevnl >> >>> >>> > _______________________________________________ >> >>> >>> > sqlmap-users mailing list >> >>> >>> > sql...@li... >> >>> >>> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >>> >>> > >> >>> >>> > >> >>> >>> >> >>> >>> >> >>> >>> >> >>> >>> -- >> >>> >>> Miroslav Stampar >> >>> >>> >> >>> >>> E-mail / Jabber: miroslav.stampar (at) gmail.com >> >>> >>> Mobile: +385921010204 (HR 0921010204) >> >>> >>> PGP Key ID: 0xB5397B1B >> >>> >>> Location: Zagreb, Croatia >> >>> >> >> >>> >> >> >>> >> >> >>> > >> >>> > >> >>> > >> >>> > -- >> >>> > Miroslav Stampar >> >>> > >> >>> > E-mail / Jabber: miroslav.stampar (at) gmail.com >> >>> > Mobile: +385921010204 (HR 0921010204) >> >>> > PGP Key ID: 0xB5397B1B >> >>> > Location: Zagreb, Croatia >> >>> > >> >>> >> >>> >> >>> >> >>> -- >> >>> Miroslav Stampar >> >>> >> >>> E-mail / Jabber: miroslav.stampar (at) gmail.com >> >>> Mobile: +385921010204 (HR 0921010204) >> >>> PGP Key ID: 0xB5397B1B >> >>> Location: Zagreb, Croatia >> >> >> >> >> > >> > >> > >> > -- >> > Miroslav Stampar >> > >> > E-mail / Jabber: miroslav.stampar (at) gmail.com >> > Mobile: +385921010204 (HR 0921010204) >> > PGP Key ID: 0xB5397B1B >> > Location: Zagreb, Croatia >> > >> >> >> >> -- >> Miroslav Stampar >> >> E-mail / Jabber: miroslav.stampar (at) gmail.com >> Mobile: +385921010204 (HR 0921010204) >> PGP Key ID: 0xB5397B1B >> Location: Zagreb, Croatia > > > > -- > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X