Indeed, yes.
Bernardo
On Fri, Jul 2, 2010 at 21:06, Tate Hansen <ta...@cl...> wrote:
> Hi, is this still in queue to be fixed?
> -Tate
>
> Sam,
>
> On Wed, Feb 10, 2010 at 22:32, Sam Elliot <dr...@bu...> wrote:
>> I have manually confirmed a simple 'waitfor%20delay'0:0:20'- sql
>> injection vector in a site test, but when I try to replicate this with
>> SQLMap using the '--time-test' option it does not even perform any 'wait
>> for delay' type vectors as shown in the usage options.
>> ...
>
> By (weak) design, sqlmap tries specified --stacked-test, --time-test
> and --union-test only if beforehand it detected a boolean based blind
> sql injection. This is wrong and will be fixed starting from March.
>
> Regards,
> --
> Bernardo Damele A. G.
>
> E-mail / Jabber: bernardo.damele (at) gmail.com
> Mobile: +447788962949 (UK 07788962949)
> PGP Key ID: 0x05F5A30F
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Sprint
> What will you do first with EVO, the first 4G phone?
> Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F
|
