Hi, I provided a little SQLMap patch today that we should integrate into w3af too.

Sometimes, an original query like SELECT [...] WHERE date = '12-07-2012' AND userid='12121212'; may result in something like SELECT [...] WHERE date = '12-07-2012' [INJECTION]-- 1AND userid='12121212'; after an injection. This may result in a really bad timeout. (100.000+ users or so)

I attached the patch to this email. It adds a "LIMIT 10" in an appropriate position where it doesn't even hurt, if the case I described above is not the case.
agent.py.patch
Best, Dan
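The effect described in the mail, as an added example that is not part of the original post and is not the attached patch: it counts the rows the database returns when the trailing userid filter is commented out, with and without a LIMIT 10. The visits table, its columns, the "AND 1=1" stand-in for [INJECTION] and the use of SQLite are assumptions made so the example runs offline.

```python
import sqlite3

# Constructed schema and data: 15 dates x 2000 users (the mail speaks of 100,000+ users).
def build_db(users=2000):
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE visits (date TEXT, userid TEXT, note TEXT)")
    con.executemany(
        "INSERT INTO visits VALUES (?, ?, 'x')",
        [(f"{d:02d}-07-2012", str(12120000 + u))
         for d in range(1, 16) for u in range(users)],
    )
    return con

# Deliberately unsafe string-built queries, standing in for the application under test.
# DATE_FIRST: another filter follows the tested parameter (the case from the mail).
# DATE_LAST: the tested parameter is the final condition.
DATE_FIRST = "SELECT note FROM visits WHERE date = '{v}' AND userid='12121212'"
DATE_LAST = "SELECT note FROM visits WHERE userid='12121212' AND date = '{v}'"

BENIGN = "12-07-2012"
# "AND 1=1" is a constructed stand-in for the mail's [INJECTION] placeholder.
UNBOUNDED = "12-07-2012' AND 1=1-- "
BOUNDED = "12-07-2012' AND 1=1 LIMIT 10-- "

def rows_returned(con, template, value):
    """Run the rendered query and count the rows the database hands back."""
    return len(con.execute(template.format(v=value)).fetchall())

if __name__ == "__main__":
    con = build_db()
    for name, template in (("DATE_FIRST", DATE_FIRST), ("DATE_LAST", DATE_LAST)):
        for label, value in (("benign", BENIGN), ("unbounded", UNBOUNDED),
                             ("bounded", BOUNDED)):
            print(f"{name:10} {label:9} -> {rows_returned(con, template, value)} rows")
```

With DATE_FIRST the unbounded probe pulls every row for that date, while the bounded one is capped at 10; with DATE_LAST both return the single original row, so the LIMIT changes nothing.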
_______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop