Re: [sqlmap-users] suggestion - per character verify option
From: Miroslav S. <mir...@gm...> - 2011-01-17 23:34:41
...but still, I must say that this is quite a good idea: "One way to increase the quality with little speed overhead would be an option to verify the character result of the blind binary search using an equals query and restarting just that character if the answer is not correct." and we'll try to implement it.

KR

On Tue, Jan 18, 2011 at 12:31 AM, Miroslav Stampar <mir...@gm...> wrote:
> Hi Steve.
>
> We can consider some mechanisms to improve it, but first of all keep it real.
>
> We are talking about a most delicate SQL injection technique which is
> highly prone to "outside entropy". Its precision is directly
> inversely proportional to the time needed to retrieve all data, and
> nobody wants to wait for some "useful" data "too long".
>
> So, IMHO, I am aware that here and there some character can go wrong
> (either caused by the line used or some change of the web server's load)
> but still the info retrieved is prone to personal filtration (in this case
> everybody is aware that that 'A' there is a junk character).
>
> KR
>
> On Tue, Jan 18, 2011 at 12:17 AM, Steve Pinkham <ste...@gm...> wrote:
>> First off, I'm loving the newest versions of sqlmap. It's even better
>> than ever, and by far my favourite tool in the space.
>>
>> Now that time-based injection is better supported, one of the side
>> effects is that the quality of results has gone down for me. For
>> example on a site I'm testing, the banner results are:
>>
>> Microsoft SQL Seryer 2008 (RTM) - 10.0A1600.22 (X64)
>>
>> Where it should probably be
>>
>> Microsoft SQL Server 2008 (RTM) - 10.0.1600.22 (X64)
>>
>> And this is with a 20 second delay!
>>
>> One way to increase the quality with little speed overhead would be an
>> option to verify the character result of the blind binary search using
>> an equals query and restarting just that character if the answer is not
>> correct.
>>
>> This should only add one request per character, and be much more time
>> efficient than using a longer delay, using a safe URL in between every
>> request, or other mitigations that would increase the result quality at
>> higher cost.
>>
>> Any thoughts?
>> --
>> | Steven Pinkham, Security Consultant |
>> | http://www.mavensecurity.com |
>> | GPG public key ID CD31CAFB |
>>
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>

--
Miroslav Stampar
E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia