[sqlmap-users] --ignore-404 ?

buawig Wed, 24 Apr 2013 11:44:15 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,


a custom web application responds to different URL parameter payloads
with changing HTTP status codes:


example.com/foo.bar?param=payload1
response: 200

example.com/foo.bar?param=payload2
response: 403

example.com/foo.bar?param=payload3
response: 400

example.com/foo.bar?param=payload4
response: 404

...

sqlmap seams to tolerate occasional 404 response codes but when
running with --level=5  sqlmap gives up due to the high amount of 404
response codes.

Even though this web application behaviour is probably not HTTP
conform, is there a way to tell sqlmap "keep on going even if the
server tells you 404 file not found"?

If there is currently no such feature, what do you think about it?

With --ignore-404 I do not mean to imply that sqlmap should not
evaluate HTTP status codes at all (e.g. when using to differentiate
between true and false in boolean based sql injections).
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJReCcRAAoJEJeRHQyF0ukMSOEQALnMIGbE1RokANiasA6LnES2
5+tghChF/X3c2dleN4bOG7QQU14jI32tBjGRcncET7WOc16XBXExTOAMzp8GUKQU
6JUMwVwBssUAcJ5C3CM1/IzCh8A03k9G0jNYobEMxWhd0a7Y9b9n1lhjf/aE2nDf
DZUPqErXEAWXSfJAeG6Rm9kr8sfnMvSS6Qqa8oCZ6f3d52eEztSuU79l9FMu8CRu
yI8qk2kpQj3S7PbJ/ahy2aCMfycvPpgZyTlFRomPKB3VR5ZLiomCKu2r+Q5Nyism
P4BS7t2nUawyk3MUadjFxxetxCuOLv6oDVE95hwYREJ0ynkys4Q7t85vLl+d8DDz
y0Dtdj93KZqxwGKfrWcBsS4rcfBXqncLaFSFwmIAlJbk5Mf5qwYmnc5HxH7apyhn
B9vwfcZlMllrIYhcZo/EmMzXo617TCAnfBljCmskEjZZCCmtIaLpEUfYY2K1Zvcd
c/4gAQmTWGiW9jaPa0WQ35PrMyz9okRpylHfmApFMEpmCPj7aIaZuQFRM6MNtrul
zylUcJK1zcGQh2gUYvdFrCdUhuHbN+NNJtLF1XKe5PsahyzBpWHluyony52V7CPK
bbikP6q3VQi+ONNvPW+M6ZGquMiagaTwcKM4tY3OWgZWyf8gxhJFgBhLOeUJXRkX
WOD+PRSe2JBDLE577t5g
=wHFU
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

[sqlmap-users] --ignore-404 ?

Reply via email to