Re: [sqlmap-users] New SQL Server blind test
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] New SQL Server blind test
|
From: Miroslav S. <mir...@gm...> - 2011-01-18 00:02:59
|
Hi Steve. Thank you for your patch but I am not sure from SQL's perspective how this could work? So, basically, you are proposing time based sql injection payload (e.g.): IF(1=1) WAITFOR DELAY '0:0:1' and to be honest, I am not sure in which form, other than "stacked" this could fit in?? KR On Tue, Jan 18, 2011 at 12:42 AM, Steve Pinkham <ste...@gm...> wrote: > Highly based on the "Microsoft SQL Server/Sybase stacked queries" test, > which was throwing unrelated 500 errors on the ASP application I was > testing due to the semicolons. This worked for data extraction for me. > > Not sure if one or the other of them should be moved to a higher level > to limit testing time in the general case? Anyone have more experience > with which one would be more useful? > > svn diff based on revision 3014. > > Patch licensed under GPLv2 to match the project license, if the patch is > used. I assume that's the normal procedure for this project? > -- > | Steven Pinkham, Security Consultant | > | http://www.mavensecurity.com | > | GPG public key ID CD31CAFB | > > ------------------------------------------------------------------------------ > Protect Your Site and Customers from Malware Attacks > Learn about various malware tactics and how to avoid them. Understand > malware threats, the impact they can have on your business, and how you > can protect your company and customers by using code signing. > http://p.sf.net/sfu/oracle-sfdevnl > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
