then please do the -t traffic.txt and inspect the content of responses there. i believe that there could be some interesting information there that could help you.
general note: when you get this kind of "strange" 500s while injection was detected then you are most probably dealing with some kind of WAF/IPS. kr On Wed, Jul 27, 2011 at 2:00 PM, Liran Mimoni <reactor.l...@gmail.com> wrote: > Ok I won't :) thanks alot > and like I said, --dbs on MS SQL server (not access) also returns 500 HTTP, > but --tables is trying to guess the tables there > > On Wed, Jul 27, 2011 at 2:59 PM, Miroslav Stampar > <miroslav.stam...@gmail.com> wrote: >> >> in lib/core/settings.py you can change number '10' to something that >> will suite your needs. >> >> # Maximum number of threads (avoiding connection issues and/or DoS) >> MAX_NUMBER_OF_THREADS = 10 >> >> just one note. please don't come back with "why do i get all those >> timeouts". >> >> ------------------------------- >> >> about the ./sqlmap.py -u "http://URL/shop.asp?CatID=8&ProdID=75"; --dbs >> i believe that Andre Silva really pointed you to the good direction. >> please do the --flush-session. there were some changes in "data model" >> which could prevent you from resuming the stored injection data. >> >> kr >> >> On Wed, Jul 27, 2011 at 1:52 PM, Liran Mimoni <reactor.l...@gmail.com> >> wrote: >> > ./sqlmap.py -u "http://URL/shop.asp?CatID=8&ProdID=75"; --dbs >> > also there is a way to bypass the limit of maximum threads to more than >> > 10? >> > Thanks >> > >> > On Wed, Jul 27, 2011 at 2:46 PM, Miroslav Stampar >> > <miroslav.stam...@gmail.com> wrote: >> >> >> >> hi Liran. >> >> >> >> what's the command line used? >> >> >> >> kr >> >> >> >> On Wed, Jul 27, 2011 at 1:28 PM, Liran Mimoni <reactor.l...@gmail.com> >> >> wrote: >> >> > there is a bug in version 1, each time I run some injection on same >> >> > server >> >> > that already injected the tool won't load it from the cache, it will >> >> > test it >> >> > again >> >> > >> >> > >> >> > ------------------------------------------------------------------------------ >> >> > Got Input? Slashdot Needs You. >> >> > Take our quick survey online. Come on, we don't ask for help often. >> >> > Plus, you'll get a chance to win $100 to spend on ThinkGeek. >> >> > http://p.sf.net/sfu/slashdot-survey >> >> > _______________________________________________ >> >> > sqlmap-users mailing list >> >> > sqlmap-users@lists.sourceforge.net >> >> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > >> >> > >> >> >> >> >> >> >> >> -- >> >> Miroslav Stampar (@stamparm) >> >> >> >> E-mail: miroslav.stampar (at) gmail.com >> >> PGP Key ID: 0xB5397B1B >> > >> > >> >> >> >> -- >> Miroslav Stampar (@stamparm) >> >> E-mail: miroslav.stampar (at) gmail.com >> PGP Key ID: 0xB5397B1B > > -- Miroslav Stampar (@stamparm) E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B ------------------------------------------------------------------------------ Got Input? Slashdot Needs You. Take our quick survey online. Come on, we don't ask for help often. Plus, you'll get a chance to win $100 to spend on ThinkGeek. http://p.sf.net/sfu/slashdot-survey _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
