Hi,
sqlmap currently only shows by default the payload that was used to identify
a certain injection method. There usually information like random numbers
are included. To better understand what sqlmap is doing I want to propose to
include the raw payload also known as vector in the info. Please see the
attached patch for this.
Kind regards
Till
Index: lib/controller/controller.py
===================================================================
--- lib/controller/controller.py (Revision 4733)
+++ lib/controller/controller.py (Arbeitskopie)
@@ -136,7 +136,8 @@
title = title.replace("columns", "column")
data += " Type: %s\n" % PAYLOAD.SQLINJECTION[stype]
data += " Title: %s\n" % title
- data += " Payload: %s\n\n" % (sdata.payload if stype != PAYLOAD.TECHNIQUE.TIME else sdata.payload.replace("[SLEEPTIME]", str(conf.timeSec)))
+ data += " Payload: %s\n" % (sdata.payload if stype != PAYLOAD.TECHNIQUE.TIME else sdata.payload.replace("[SLEEPTIME]", str(conf.timeSec)))
+ data += " Vector: %s\n\n" % sdata.vector
return data
------------------------------------------------------------------------------
Virtualization & Cloud Management Using Capacity Planning
Cloud computing makes use of virtualization - but cloud computing
also focuses on allowing computing to be delivered as a service.
http://www.accelacomm.com/jaw/sfnl/114/51521223/
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
