Hi Bernardo,
Thank you very much for the quick reply.
On Tue, Nov 8, 2011 at 2:58 PM, Bernardo Damele A. G. <bernardo.dam...@gmail.com> wrote:
> Hi David,
>
> On 8 November 2011 13:13, David Alvarez <david.alvare...@gmail.com> wrote:
> > ...
> > The problem is that sqlmap is not able to detect differences because when
> > sqlmap executes A) the value will be locked, so the following requests won't
> > modify the results in the database, the item is locked, and all responses
> > will be equal.
> > To unlock the item, you have to execute another functionality. So, how does
> > sqlmap deal with these situations?
>
> What do you mean by "execute another functionality"? If you just need
> to perform a certain GET request, then fine, sqlmap can do it. Use
> switches:
> --safe-url=SAFURL Url address to visit frequently during testing
> --safe-freq=SAFREQ Test requests between two visits to a given safe url
>
> Refer to the user's manual for details.
>
I will use those switches, although my functionality is a POST request.
But I can convert from GET to POST with a proxy in the middle.

> > A solution could be to provide the unlock request and execute that functionality
> > after every request made by sqlmap, in order to unlock the item and detect
> > changes in the responses. However, this duplicates the number of requests
> > needed.
>
> At the moment --safe-url only supports a GET request, we can think of
> making it able to get the raw request from a text file instead so it
> would also support POST (like for -r).
>
> Cheers,
> Bernardo
Cheers,
David
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
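
The GET-to-POST conversion David mentions can be done with a small local shim that `--safe-url` points at. This is an added example, not part of the original thread or of sqlmap; the unlock URL, body, headers and listening port are hypothetical placeholders.

```python
"""GET-to-POST shim for sqlmap's --safe-url (added example, not sqlmap code)."""
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Hypothetical values: replace with the application's real unlock request.
UNLOCK_URL = "http://127.0.0.1:8080/item/unlock"
UNLOCK_BODY = b"item_id=1"
UNLOCK_HEADERS = {"Content-Type": "application/x-www-form-urlencoded"}


def build_unlock_request(url=UNLOCK_URL, body=UNLOCK_BODY, headers=None):
    """Return the POST request that the shim replays for every incoming GET."""
    return urllib.request.Request(
        url, data=body, headers=dict(headers or UNLOCK_HEADERS), method="POST"
    )


def replay_unlock(request, timeout=10):
    """Send the POST and return (status, body); network errors become a 502."""
    try:
        with urllib.request.urlopen(request, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as exc:  # upstream answered with 4xx/5xx
        return exc.code, exc.read()
    except OSError as exc:  # refused connection, timeout, unknown scheme
        return 502, str(exc).encode()


class ShimHandler(BaseHTTPRequestHandler):
    """Answer any GET by performing the unlock POST and relaying its result."""

    def do_GET(self):
        status, body = replay_unlock(build_unlock_request())
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # Loopback only; then run sqlmap with --safe-url=http://127.0.0.1:8899/
    HTTPServer(("127.0.0.1", 8899), ShimHandler).serve_forever()
```

If the unlock request needs an authenticated session, add the `Cookie` header to `UNLOCK_HEADERS`; a 502 from the shim means the unlock POST never reached the application.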