Re: [sqlmap-users] sqlmap 0.6.4 and Blind SQLi
From: Bernardo D. A. G. <ber...@gm...> - 2009-02-11 14:46:23
Hi Rick,

sqlmap has full support for:

* Boolean based blind SQL injection, also called inferential blind SQL injection
* UNION query SQL injection, also called inband SQL injection, either full or single entry (partial)
* Stacked query SQL injection

It does not support time based blind SQL injection yet, I will work on it in the long run.

Regards,
Bernardo

On Wed, Feb 11, 2009 at 14:41, Rick Tortorella <rt...@gm...> wrote:
> I read the docs and they state that sqlmap can perform blind sqli. But, it
> can't. I've tested this using an application that is only susceptible to time
> based blind sqli (which, in point of fact, is the only type of blind IMO...
> if you get varying responses back from the server that's not really blind,
> it's more of a limited error response or better yet, varied response sqli).
> sqlmap cannot initialize when used against an application that only has time
> based blind sqli. Are there any plans to update sqlmap to work against these
> types of applications?

--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +447788962949 (UK), +393493821385 (IT)
PGP Key ID: 0x05F5A30F