Re: [sqlmap-users] suggestion - per character verify option
From: Andres R. <and...@gm...> - 2011-01-31 16:13:08
On Mon, Jan 31, 2011 at 1:08 PM, Miroslav Stampar <mir...@gm...> wrote:
> Hi.
>
> Implemented (r3154). You guys rock.
> Now every character retrieved via time-based inference is "fast"
> verified after it has been retrieved (if unequal there is a time delay
> and the retrieval is repeated for that character). That "validation"
> is also prone to errors, but I must admit that with it quality of data
> retrieval (in time based techniques) is going way up.
>
> KR
>
> On Tue, Jan 18, 2011 at 12:34 AM, Miroslav Stampar
> <mir...@gm...> wrote:
>> ...but still, I must say that this is quite a good idea:
>>
>> "One way to increase the quality with little speed overhead would be an
>> option to verify the character result of the blind binary search using
>> an equals query and restarting just that character if the answer is not
>> correct."
>>
>> and we'll try to implement it
>>
>> kr
>>
>> On Tue, Jan 18, 2011 at 12:31 AM, Miroslav Stampar
>> <mir...@gm...> wrote:
>>> Hi Steve.
>>>
>>> We can consider some mechanisms to improve it, but first of all keep it real.
>>>
>>> We are talking about a most delicate sql injection technique which is
>>> highly prone to "outside entropy". Its precision is directly
>>> inversely proportional to the time needed to retrieve all data, and
>>> nobody wants to wait for some "useful" data "too long".
>>>
>>> So, IMHO, I am aware that here and there some character can go wrong
>>> (either caused by line used or some change of the web servers load)
>>> but still info retrieved is prone to personal filtration (in this case
>>> everybody is aware that that 'A' there is a junk character).
>>>
>>> KR
>>>
>>> On Tue, Jan 18, 2011 at 12:17 AM, Steve Pinkham <ste...@gm...> wrote:
>>>> First off, I'm loving the newest versions of sqlmap.. It's even better
>>>> than ever, and by far my favourite tool in the space.
>>>>
>>>> Now that time-based injection is better supported, one of the side
>>>> effects is that the quality of results has gone down for me. For
>>>> example on a site I'm testing, the banner results are:
>>>>
>>>> Microsoft SQL Seryer 2008 (RTM) - 10.0A1600.22 (X64)
>>>> Where it should probably be
>>>> Microsoft SQL Server 2008 (RTM) - 10.0.1600.22 (X64)
>>>>
>>>> And this is with a 20 second delay!
>>>>
>>>> One way to increase the quality with little speed overhead would be an
>>>> option to verify the character result of the blind binary search using
>>>> an equals query and restarting just that character if the answer is not
>>>> correct.
>>>>
>>>> This should only add one request per character, and be much more time
>>>> efficient than using a longer delay, using a safe url in between every
>>>> request, or other mitigations that would increase the result quality at
>>>> higher cost.
>>>>
>>>> Any thoughts?
>>>> --
>>>> | Steven Pinkham, Security Consultant |
>>>> | http://www.mavensecurity.com |
>>>> | GPG public key ID CD31CAFB |
>>>>
>>>> _______________________________________________
>>>> sqlmap-users mailing list
>>>> sql...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>
>>> --
>>> Miroslav Stampar
>>>
>>> E-mail / Jabber: miroslav.stampar (at) gmail.com
>>> Mobile: +385921010204 (HR 0921010204)
>>> PGP Key ID: 0xB5397B1B
>>> Location: Zagreb, Croatia
>

--
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af
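The verify-and-retry scheme Steve proposes and Miroslav reports implementing in r3154, as an added simulation that is not sqlmap's code: a constructed true/false oracle stands in for the time-based channel, its wrong answers are placed at chosen call indices so every outcome can be worked out exactly, and the last case in the test shows the failure Miroslav mentions, where the equality check itself answers wrongly and a bad character slips through. The class, function names and the sample string are all assumptions of this example.

```python
# Constructed simulation of the per-character verify step (not sqlmap code).
# The oracle stands in for a time-based true/false channel whose answers
# occasionally flip because of server load or network jitter; flips happen
# at chosen call indices so each run can be reasoned about exactly.

class NoisyOracle:
    """Answers yes/no questions about one character of a hidden string."""

    def __init__(self, secret, flip_at=()):
        self.secret = secret
        self.flip_at = set(flip_at)  # 0-based call indices answered wrongly
        self.calls = 0

    def ask(self, pos, predicate):
        answer = predicate(ord(self.secret[pos]))
        if self.calls in self.flip_at:
            answer = not answer  # simulated timing error
        self.calls += 1
        return answer


def binary_search_char(oracle, pos, lo=0, hi=128):
    """Seven-query bisection over the ASCII range for the character at pos."""
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if oracle.ask(pos, lambda c: c >= mid):
            lo = mid
        else:
            hi = mid
    return lo


def retrieve(secret, flip_at=(), verify=False, max_retries=3):
    """Retrieve the whole string; returns (result, number of oracle calls).

    With verify=True one equality query follows each bisection and a
    character whose check fails is searched again. A flipped answer to
    that equality query lets a wrong character through, which is why the
    validation is itself "prone to errors".
    """
    oracle = NoisyOracle(secret, flip_at)
    out = []
    for pos in range(len(secret)):
        for _ in range(max_retries):
            guess = binary_search_char(oracle, pos)
            if not verify or oracle.ask(pos, lambda c: c == guess):
                break  # accepted: unverified mode, or the equality check passed
        out.append(chr(guess))
    return "".join(out), oracle.calls
```

One flipped bisection answer costs eight extra requests to repair under verification, whereas without it the error is silent; a flip on the verification request itself is what still gets through.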