Re: [sqlmap-users] New SQL Server blind test
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] New SQL Server blind test
|
From: Miroslav S. <mir...@gm...> - 2011-01-18 00:23:20
|
now i am really interested as hell :)) could you please just send one proper payload (use -v 3) which uses this vector? "i want to know" On Tue, Jan 18, 2011 at 1:02 AM, Miroslav Stampar <mir...@gm...> wrote: > Hi Steve. > > Thank you for your patch but I am not sure from SQL's perspective how > this could work? > > So, basically, you are proposing time based sql injection payload (e.g.): > > IF(1=1) WAITFOR DELAY '0:0:1' > > and to be honest, I am not sure in which form, other than "stacked" > this could fit in?? > > KR > > On Tue, Jan 18, 2011 at 12:42 AM, Steve Pinkham <ste...@gm...> wrote: >> Highly based on the "Microsoft SQL Server/Sybase stacked queries" test, >> which was throwing unrelated 500 errors on the ASP application I was >> testing due to the semicolons. This worked for data extraction for me. >> >> Not sure if one or the other of them should be moved to a higher level >> to limit testing time in the general case? Anyone have more experience >> with which one would be more useful? >> >> svn diff based on revision 3014. >> >> Patch licensed under GPLv2 to match the project license, if the patch is >> used. I assume that's the normal procedure for this project? >> -- >> | Steven Pinkham, Security Consultant | >> | http://www.mavensecurity.com | >> | GPG public key ID CD31CAFB | >> >> ------------------------------------------------------------------------------ >> Protect Your Site and Customers from Malware Attacks >> Learn about various malware tactics and how to avoid them. Understand >> malware threats, the impact they can have on your business, and how you >> can protect your company and customers by using code signing. >> http://p.sf.net/sfu/oracle-sfdevnl >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > > -- > Miroslav Stampar > > E-mail / Jabber: miroslav.stampar (at) gmail.com > Mobile: +385921010204 (HR 0921010204) > PGP Key ID: 0xB5397B1B > Location: Zagreb, Croatia > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
