[sqlmap-users] suggestion - per character verify option
From: Steve P. <ste...@gm...> - 2011-01-17 23:17:21
First off, I'm loving the newest versions of sqlmap. It's even better than ever, and by far my favourite tool in the space.

Now that time-based injection is better supported, one of the side effects is that the quality of results has gone down for me. For example, on a site I'm testing, the banner results are:

Microsoft SQL Seryer 2008 (RTM) - 10.0A1600.22 (X64)

Where it should probably be:

Microsoft SQL Server 2008 (RTM) - 10.0.1600.22 (X64)

And this is with a 20 second delay!

One way to increase the quality with little speed overhead would be an option to verify the character result of the blind binary search using an equals query and restarting just that character if the answer is not correct. This should only add one request per character, and be much more time efficient than using a longer delay, using a safe url in between every request, or other mitigations that would increase the result quality at higher cost.

Any thoughts?

--
Steven Pinkham, Security Consultant
http://www.mavensecurity.com
GPG public key ID CD31CAFB