Hi.

Decision is based on a technique used:

A) boolean - similar response on A=A, non similar response on A<>B
B) error - used test query string has to be inside the response (e.g. A:1:B)
C) union - same as B
D) stacked - delay on A=A, no delay on A<>B
E) time-based - same as D

False positives are detected by using a simple arithmetic operations
in cases A/D/E

Please, use -v 3 as much as possible to see what is sqlmap doing.
Also, please take a look into the source code - after all, it's an
open source

Kind regards

On Tue, May 8, 2012 at 12:37 PM, Lukas Rist <glas...@gmail.com> wrote:
> Hello,
>
> Is there a possibility to get the patter sqlmap has used to determine
> the injection (i.e. error based) success?
> I want to get some insight how sqlmap decides if a parameter is
> vulnerable or not.
>
>
> Thanks,
> Lukas
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users



-- 
Miroslav Stampar
http://about.me/stamparm

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to