Hi Buawig.

Currently, sqlmap should not stop in testing mode (it's debatable what to
do in the enumeration phase - currently we abort the program run in such a
case) on any occurrence of a non-200 code.

Could you please be more specific here? Maybe there is a related hidden
bug somewhere.

Kind regards,
Miroslav Stampar


On Wed, Apr 24, 2013 at 8:40 PM, buawig <bua...@gmail.com> wrote:

> Hi,
>
> a custom web application responds to different URL parameter payloads
> with changing HTTP status codes:
>
>
> example.com/foo.bar?param=payload1
> response: 200
>
> example.com/foo.bar?param=payload2
> response: 403
>
> example.com/foo.bar?param=payload3
> response: 400
>
> example.com/foo.bar?param=payload4
> response: 404
>
> ...
>
> sqlmap seems to tolerate occasional 404 response codes but when
> running with --level=5 sqlmap gives up due to the high number of 404
> response codes.
>
> Even though this web application behaviour is probably not HTTP
> conformant, is there a way to tell sqlmap "keep on going even if the
> server tells you 404 file not found"?
>
> If there is currently no such feature, what do you think about it?
>
> With --ignore-404 I do not mean to imply that sqlmap should not
> evaluate HTTP status codes at all (e.g. when using them to differentiate
> between true and false in boolean-based SQL injections).
>
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>



-- 
Miroslav Stampar
http://about.me/stamparm