Hi,
When looking at HTTP Requests and Response, by using verbose level 6 (-v
6), sqlmap does not show the full HTTP response with the HTTP 302 Moved
Temporarily.
sqlmap got a 302 redirect to 'http://removed/removed.shtml'. Do you want to
follow? [Y/n] y
[14:07:02] [INFO] heuristics detected web page charset 'ascii'
[14:07:02] [TRAFFIC IN] HTTP response [#2] (302 Object Moved):
Connection: close
Content-type: text/html
Location: https://removed/removed.shtml
Cache-control: private
[14:07:02] [TRAFFIC IN] HTTP response [#2] (302 Moved Temporarily):
In the body of the first HTTP Response, the 302 temporary redirect, is the
result of the SQL injection.
If I don't follow the redirection then I see the result. This is fine (to
me at least), I just didn't realise or expect it at first. I expected that
verbose 6 would show all of the responses, particularly those that contain
the results that sqlmap is returning.
Cheers,
Abu
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_nov
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
