Hi, In your case, --null-connection might have worked (comparison based on "Content-Length" header). If the body has such a minimal difference between True and False, sqlmap algorithm is not (yet) able to pick this up therefore comparison based upon --string or other detection switches is necessary. We are working on improving the detection engine.
Bernardo On 16 March 2012 21:43, buawig <bua...@gmail.com> wrote: >> Could you update now and send full output of -v3 -t traffic.log >> masking sensible data? This would help us to debug this potential >> comparison issue as we are pretty confident that it is not 302 >> redirect related anymore. > > Hi, > I'm sorry but I no longer have access to the tested system, > but there where three different possible locations in the response to > detect the difference: > 1. 'Location' HTTP header: present but empty vs. present and non-empty > 2. 'Content-Length' HTTP header: length A vs. length B > 3. Body" <a href=""> vs. <a href="http://...";> > > hope this helps > > > > > ------------------------------------------------------------------------------ > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > _______________________________________________ > sqlmap-users mailing list > sqlmap-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/sqlmap-users -- Bernardo Damele A. G. Homepage: http://about.me/inquis E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) ------------------------------------------------------------------------------ This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
