Daniele,

On Mon, Nov 17, 2008 at 7:42 AM, Daniele Bellucci <[EMAIL PROTECTED]> wrote:
>>> !! So..., adding a comment isn't always the best. Could you please think
>>> !! about an example where 1 AND 1=1 wouldn't work, and 1 AND 1=1-- would?
>
> I think you're right Andres ... I tried to figure out an example but
> still haven't found one.

Great, I thought I was the only dumb one ;)

> By the way, I could ask you:
>
> "Could you please think of an example where 1 AND 1=1 would work and 1 AND
> 1=1-- wouldn't?"

I can't, and that's the point.

> But we can avoid these questions until 'fuzz vectors' are stored
> inside plugins.
> For now, since you only need to check if a webapp is
> blindSQLInjection vulnerable,
> query strings like: ?id=1+0 are enough on numerical values (as well as:
> ?id=CONCAT('str','ing') on strings)

You are fuc**** right! I never thought about that... hmmm. So what I could do is just:

Original: ?id=1
Fuzzed:   ?id=1-1+1

And if the responses to original and fuzzed are the same... then it's injectable... I like it!

I don't know why, but I trust the "1 AND 1=1" approach more; maybe it's because your technique is new to me...

Is SQLMap using "?id=1+0" to detect blind SQL injections?

Cheers,
-- 
Andres Riancho
http://w3af.sourceforge.net/
Web Application Attack and Audit Framework

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
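The following is an added example, not code from the thread or from w3af, showing why the response-comparison heuristic above works and what stops it. It assumes a constructed three-row SQLite table and two hypothetical request handlers: one that concatenates the `?id=` value into its query (the condition the probe detects) and one that binds it as a parameter (the fix). The `1-1+1`, `1 AND 1=1` and `1 AND 1=1--` probe pairs are the ones named in the messages; against the parameterized handler none of them matches the baseline response, which is exactly what a defender wants to see.

```python
import sqlite3

# Constructed sample data standing in for the web application's backend table.
SAMPLE_ROWS = [(1, "apple"), (2, "banana"), (3, "cherry")]

# Probe pairs from the thread: (original ?id= value, fuzzed ?id= value).
PROBES = {
    "arithmetic": ("1", "1-1+1"),
    "boolean": ("1", "1 AND 1=1"),
    "boolean_comment": ("1", "1 AND 1=1--"),
}


def make_db():
    """Build an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def vulnerable_lookup(conn, user_id):
    """Hypothetical handler that concatenates the ?id= value into the SQL text.
    '1-1+1' is evaluated by the database as arithmetic, so it selects id 1."""
    sql = "SELECT name FROM items WHERE id = " + user_id
    return [row[0] for row in conn.execute(sql).fetchall()]


def safe_lookup(conn, user_id):
    """Hypothetical hardened handler: the value is bound as a parameter, so
    '1-1+1' is compared as a literal string and never reaches the parser."""
    sql = "SELECT name FROM items WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (user_id,)).fetchall()]


def responses_match(handler, conn, original, fuzzed):
    """The thread's heuristic: the parameter is treated as injectable when the
    original and fuzzed values yield the same non-empty response."""
    try:
        base = handler(conn, original)
        probe = handler(conn, fuzzed)
    except sqlite3.Error:
        # A syntax error means the payload broke the query instead of being
        # evaluated as part of it; that is not a match.
        return False
    return base != [] and base == probe


def run_probes(handler):
    """Run every probe pair against one handler; returns {probe_name: bool}."""
    conn = make_db()
    return {name: responses_match(handler, conn, orig, fuzz)
            for name, (orig, fuzz) in PROBES.items()}


if __name__ == "__main__":
    print("vulnerable handler:", run_probes(vulnerable_lookup))
    print("parameterized handler:", run_probes(safe_lookup))
```

The check compares only the two responses, so a page that returns identical content regardless of input (a generic error page, for instance) would also "match"; a scanner that relies on this heuristic should pair it with a negative probe whose value is expected to differ, and a developer reading the result should treat a match as a signal to look for string-built SQL in the handler, which parameter binding removes.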