Hi Anton,

On 19 December 2012 19:16, Anton Sazonov <anton.sazo...@gmail.com> wrote:
>
> Bernardo, wouldn't it be wiser to remove the .tgz/.zip link altogether from 
> sqlmap.org?
>
> I mean, most of the people's failures fall into the category of "git the 
> latest version, would you".

Those .zip and tar.gz are generated from the very latest development
version at each git push. The only disadvantage is that they're not
git working directories (there's no .git/ folder) so cannot be kept
updated.

> [...]
> On another note, could you or anyone kindly explain the newish --live-test? I 
> only see it in git fetch logs. And I don't much read Python.

--live-test is used internally for development regression testing
purposes whereby test cases are defined in xml/livetests.xml - it is a
hidden switch needed only during the development to assert no bugs are
introduced in existing and solid features following new developments.

> Finally, please, eventually, do take care of issue #48 
> (https://github.com/sqlmapproject/sqlmap/issues/48), specifically the 
> inability to inject into any fields, including HTTP headers.

At the moment, sqlmap can detect and exploit SQL injections in Cookie,
User-Agent and Referer headers, given you provide a high --level value
(say 3 or above). Ability to inject in arbitrary headers will come,
but is not top priority at the moment.

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)

------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to