[sqlmap-users] [FeatureReq] Smart proximity based queries on table names etc
From: Ole R. <ol...@gm...> - 2010-04-14 22:07:51
Many DBs are often designed such that table/db names are coherent. Something often seen is that every table name is prefixed with some string describing somewhat the relations in the table. An example:

DB table1:
  data_catalogs
  data_catalogs_log
  data_catalyst
  data_emails
  data_emails_old

I don't know if sqlmap takes proximity of the last found table names into account when enumerating - if it doesn't, that could greatly speed up enumerating table names like in the above example.

When sqlmap acquires the name 'data_catalogs' it could start the next query by checking if the first letter is 'd' (which it is in the above example), circumventing the need to do the binary relation search. If the letter isn't 'd' then all we lost is adding a single query, but we save a lot of queries if it is. Next time (if the letter was 'd') it would check if the letter was 'a', then 't' and so on.

This would of course only work if the data is fetched in sorted order, but I haven't encountered a case where it isn't yet - I guess it must be sorted in INFORMATION tables in MySQL? If it is, then I think this only underlines why you should implement the suggested proximity queries.

It might also be advantageous to exploit that the information is sorted even without proximity queries; if we just received a table name starting with 'd' then we know the next table name starts with at least 'd' as well - I'm not sure if sqlmap already exploits this?

Regards,
Ole
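The query saving proposed in the message above, as an added simulation that is not part of the original post and not sqlmap's code. It counts yes/no questions against an in-memory string only; `Oracle`, `SYMBOLS`, `bisect_symbol`, `extract` and `count_queries` are hypothetical names, and the alphabet and sorted input order are assumptions.

```python
import string

# Symbol 0 marks end-of-name; the rest is an assumed table-name alphabet.
SYMBOLS = [""] + sorted(string.digits + "_" + string.ascii_lowercase)

class Oracle:
    """Local stand-in for a yes/no channel; counts one query per question."""
    def __init__(self, name):
        self.name, self.queries = name, 0
    def ask(self, pos, sym, op):
        self.queries += 1
        actual = SYMBOLS.index(self.name[pos:pos + 1])
        return actual == sym if op == "=" else actual > sym

def bisect_symbol(oracle, pos, lo=0):
    """Binary search for the symbol at pos, starting from lower bound lo."""
    hi = len(SYMBOLS) - 1
    while lo < hi:
        mid = (lo + hi) // 2
        lo, hi = (mid + 1, hi) if oracle.ask(pos, mid, ">") else (lo, mid)
    return lo

def extract(oracle, prev=""):
    """Recover one name; prev is the previously recovered name (sorted input)."""
    out, on_prefix = "", True
    while True:
        pos, lo = len(out), 0
        if on_prefix and pos < len(prev):
            guess = SYMBOLS.index(prev[pos])
            if oracle.ask(pos, guess, "="):    # one query instead of a search
                out += prev[pos]
                continue
            lo = guess + 1                     # sorted: symbol must be larger
        on_prefix = False
        sym = bisect_symbol(oracle, pos, lo)
        if sym == 0:
            return out
        out += SYMBOLS[sym]

def count_queries(names, use_hint):
    """Total questions needed for the list, with or without the prefix guess."""
    total, prev = 0, ""
    for name in names:
        oracle = Oracle(name)
        prev = extract(oracle, prev if use_hint else "")
        total += oracle.queries
    return total

TABLES = ["data_catalogs", "data_catalogs_log", "data_catalyst",
          "data_emails", "data_emails_old"]    # example list from the post
```

Comparing `count_queries(TABLES, True)` with `count_queries(TABLES, False)` gives the saving for the post's example list; the lower bound after a missed guess is the sorted-order observation from the last paragraph of the message.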