Re: [sqlmap-users] Possible faster finding data thru blind injection
From: Bernardo D. A. G. <ber...@gm...> - 2010-07-27 17:55:52
Hi Erik,

On Tue, Jul 27, 2010 at 18:42, Erik Nilsson <da...@gm...> wrote:
> It often takes a long time to find data thru blind injection.
>
> Sqlmap loops thru all characters and moves on to the next one when it hits one.
>
> I have two interesting ideas of how this can work faster:
>
> 1) Word list, after finding the first two letters, it will try the
> next one according to the most common next letter in the word list.

Already implemented. It's a hidden option in the development version. We will soon make it the default setting, need to port the algorithm to multi-threading first.

> 2) Typing on the keyboard. You can often guess what the next letter
> is, by typing the letter on the keyboard, Sqlmap will try this letter
> next.

Already in the TODO list. No developments going on yet.

--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F