Re: [sqlmap-users] New SQL Server blind test
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] New SQL Server blind test
|
From: Miroslav S. <mir...@gm...> - 2011-01-18 01:25:20
|
ok, fair enough. please just send one of payloads used for data retrieval (something like this one): [02:20:30] [PAYLOAD] 1 AND 9290=IF((ORD(MID((SELECT DISTINCT(IFNULL(CAST(schema_ name AS CHAR), CHAR(32))) FROM information_schema.SCHEMATA LIMIT 0, 1), 1, 1)) > 104), SLEEP(5), 9290) you'll see them with -v 3. you can censor table names. please, i just want to see something workable used for data retrieval (just spot those payloads with '>' inside) kr On Tue, Jan 18, 2011 at 2:20 AM, Steve Pinkham <ste...@gm...> wrote: > On 01/17/2011 07:54 PM, Miroslav Stampar wrote: >> hi again. >> >> have you tried to use it? i am interested in data retrieval part :))))) >> >> (please use -v 3) >> >> kr >> > And yes, I have pulled data with it. That's where the time based data > with a few errors came from before. > > > -- > | Steven Pinkham, Security Consultant | > | http://www.mavensecurity.com | > | GPG public key ID CD31CAFB | > > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
