Already did that, they applied something like it. The problem was: It's MySQL specific.
Thanks anyway. I'd like to take care of the SQLMap API if you don't mind. Would be my first contribution to the framework. Are there any plans, whishes, ... already, or can i build it from scratch? > Daniel, > > On Sun, May 6, 2012 at 3:06 PM, Daniel Zulla > <daniel.zu...@googlemail.com> wrote: >> Hi, >> I provided a little SQLMap patch today, that we should integrate to the w3af >> too. >> >> Sometimes, a original query like >> SELECT [...] WHERE date = '12-07-2012' AND userid='12121212'; >> >> may result in something like >> >> SELECT [...] WHERE date = '12-07-2012' [INJECTION]-- 1AND userid='12121212'; >> >> after an injection. This may result in a really bad timeout. (100.000+ users >> or so) >> >> I attached the patch to this email. It adds a "LIMIT 10" in an appropriate >> position where it doesn't even hurt, if the case I described above is not > >> the case. > > Thanks for the patch, but I won't apply it :( We have a deeper > issue with sqlmap integration today, which is that because of the way > I integrated them (a lot of time ago - that's why our sqlmap is SO > old) it has become very difficult to update the sqlmap that lives in > w3af without breaking the integration. What needs to be done is to > define a clear API in sqlmap and have w3af consume it. > > I'll send an email to Bernardo from sqlmap to see how we can achieve this. > > Regards, > -- > Andrés Riancho > Project Leader at w3af - http://w3af.org/ > Web Application Attack and Audit Framework > Twitter: @w3af > GPG: 0x93C344F3 ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
