Hi,

sqlmap currently only shows by default the payload that was used to identify 
a certain injection method. There usually information like random numbers 
are included. To better understand what sqlmap is doing I want to propose to 
include the raw payload also known as vector in the info. Please see the 
attached patch for this.

Kind regards
Till
Index: lib/controller/controller.py
===================================================================
--- lib/controller/controller.py	(Revision 4733)
+++ lib/controller/controller.py	(Arbeitskopie)
@@ -136,7 +136,8 @@
                 title = title.replace("columns", "column")
         data += "    Type: %s\n" % PAYLOAD.SQLINJECTION[stype]
         data += "    Title: %s\n" % title
-        data += "    Payload: %s\n\n" % (sdata.payload if stype != PAYLOAD.TECHNIQUE.TIME else sdata.payload.replace("[SLEEPTIME]", str(conf.timeSec)))
+        data += "    Payload: %s\n" % (sdata.payload if stype != PAYLOAD.TECHNIQUE.TIME else sdata.payload.replace("[SLEEPTIME]", str(conf.timeSec)))
+        data += "    Vector: %s\n\n" % sdata.vector
 
     return data
 

------------------------------------------------------------------------------
Virtualization & Cloud Management Using Capacity Planning
Cloud computing makes use of virtualization - but cloud computing 
also focuses on allowing computing to be delivered as a service.
http://www.accelacomm.com/jaw/sfnl/114/51521223/
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to