Re: [sqlmap-users] Call for common table names

[shaohua p. <pa...@kn...>]

great!
after all, this feature really come to true .

On Wed, Sep 29, 2010 at 11:08 PM, Andres Riancho
<and...@gm...>wrote:

> I'm more interested in the script :)
>
> On Wed, Sep 29, 2010 at 11:38 AM, Miroslav Stampar
> <mir...@gm...> wrote:
> > program is done. i've run it partially for first 40 pages of Google
> > results and will leave it to run for whole night for the rest.
> >
> > if someone is interested for the complete sorted list of pairs
> > (table_name, count) give me a private mail and i'll send it to you.
> >
> > kind regards.
> >
> > p.s. first ten are at this moment:
> >
> > users,20
> > user,14
> > comments,12
> > sessions,10
> > categories,10
> > customers,10
> > customer,10
> > orders,9
> > log,8
> > category,7
> >
> >
> > On Wed, Sep 29, 2010 at 2:27 PM, Miroslav Stampar
> > <mir...@gm...> wrote:
> >> to be honest, this is great idea :)
> >>
> >> i've tried it and it really shows some really cool stuff :)
> >>
> >> will do this because i am more than interested what will be the results.
> >>
> >> once again, great idea
> >>
> >> On Wed, Sep 29, 2010 at 2:24 PM, Andres Riancho
> >> <and...@gm...> wrote:
> >>> Maybe if you search google's codesearch for "create table ..." inside.
> sql
> >>> files and automate the result extraction you would get something really
> cool
> >>> :)
> >>>
> >>> Regards,
> >>> --
> >>> Andres Riancho
> >>>
> >>> El sep 29, 2010 9:21 a.m., "Miroslav Stampar" <
> mir...@gm...>
> >>> escribió:
> >>>
> >>> Hi.
> >>>
> >>> We are currently adding new feature into sqlmap for retrieving table
> >>> names when database (information_) schema is missing and/or sqlmap is
> >>> unable to extract table names via normal ways.
> >>>
> >>> Basic injection vector is: ...AND EXISTS(SELECT 1 FROM <table_name>)...
> >>>
> >>> So, if you have some knowledge to share please do.
> >>>
> >>> PHP, Joomla, Wordpress,... everything is more than welcome, except
> >>> database system tables. We have those more than enough ;)
> >>>
> >>> Bye.
> >>>
> >>> --
> >>> Miroslav Stampar
> >>>
> >>> E-mail / Jabber: miroslav.stampar (at) gmail.com
> >>> Mobile: +385921010204 (HR 0921010204)
> >>> PGP Key ID: 0xB5397B1B
> >>> Location: Zagreb, Croatia
> >>>
> >>>
> ------------------------------------------------------------------------------
> >>> Start uncovering the many advantages of virtual appliances
> >>> and start using them to simplify application deployment and
> >>> accelerate your shift to cloud computing.
> >>> http://p.sf.net/sfu/novell-sfdev2dev
> >>> _______________________________________________
> >>> sqlmap-users mailing list
> >>> sql...@li...
> >>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >>>
> >>
> >>
> >>
> >> --
> >> Miroslav Stampar
> >>
> >> E-mail / Jabber: miroslav.stampar (at) gmail.com
> >> Mobile: +385921010204 (HR 0921010204)
> >> PGP Key ID: 0xB5397B1B
> >> Location: Zagreb, Croatia
> >>
> >
> >
> >
> > --
> > Miroslav Stampar
> >
> > E-mail / Jabber: miroslav.stampar (at) gmail.com
> > Mobile: +385921010204 (HR 0921010204)
> > PGP Key ID: 0xB5397B1B
> > Location: Zagreb, Croatia
> >
>
>
>
> --
> Andrés Riancho
> Founder, Bonsai - Information Security
> http://www.bonsai-sec.com/
> http://w3af.sf.net/
>
>
> ------------------------------------------------------------------------------
> Start uncovering the many advantages of virtual appliances
> and start using them to simplify application deployment and
> accelerate your shift to cloud computing.
> http://p.sf.net/sfu/novell-sfdev2dev
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>



-- 
------------------------------------------------------------------
潘少华
手机: 13811789330
------------------------------------------------------------------
北京知道创宇信息技术有限公司
地址：北京市回龙观龙腾六区13号楼4单元101
邮编：102200
电话：010-81721153
传真：010-81721153
网址：www.knownsec.com