Re: [sqlmap-users] suggestion - per character verify option
From: Miroslav S. <mir...@gm...> - 2011-01-31 16:19:17
:)

On Mon, Jan 31, 2011 at 5:12 PM, Andres Riancho <and...@gm...> wrote:
> On Mon, Jan 31, 2011 at 1:08 PM, Miroslav Stampar
> <mir...@gm...> wrote:
>> Hi.
>>
>> Implemented (r3154).
>
> You guys rock.
>
>> Now every character retrieved via time-based inference is "fast"
>> verified after it has been retrieved (if unequal there is a time delay
>> and the retrieval is repeated for that character). That "validation"
>> is also prone to errors, but I must admit that with it quality of data
>> retrieval (in time based techniques) is going way up.
>>
>> KR
>>
>> On Tue, Jan 18, 2011 at 12:34 AM, Miroslav Stampar
>> <mir...@gm...> wrote:
>>> ...but still, I must say that this is quite a good idea:
>>>
>>> "One way to increase the quality with little speed overhead would be an
>>> option to verify the character result of the blind binary search using
>>> an equals query and restarting just that character if the answer is not
>>> correct."
>>>
>>> and we'll try to implement it
>>>
>>> kr
>>>
>>> On Tue, Jan 18, 2011 at 12:31 AM, Miroslav Stampar
>>> <mir...@gm...> wrote:
>>>> Hi Steve.
>>>>
>>>> We can consider some mechanisms to improve it, but first of all keep it real.
>>>>
>>>> We are talking about a most delicate sql injection technique which is
>>>> highly prone to "outside entropy". Its precision is directly
>>>> inversely proportional to the time needed to retrieve all data, and
>>>> nobody wants to wait for some "useful" data "too long".
>>>>
>>>> So, IMHO, I am aware that here and there some character can go wrong
>>>> (either caused by the line used or some change of the web server's load)
>>>> but still info retrieved is prone to personal filtration (in this case
>>>> everybody is aware that that 'A' there is a junk character).
>>>>
>>>> KR
>>>>
>>>> On Tue, Jan 18, 2011 at 12:17 AM, Steve Pinkham <ste...@gm...> wrote:
>>>>> First off, I'm loving the newest versions of sqlmap. It's even better
>>>>> than ever, and by far my favourite tool in the space.
>>>>>
>>>>> Now that time-based injection is better supported, one of the side
>>>>> effects is that the quality of results has gone down for me. For
>>>>> example on a site I'm testing, the banner results are:
>>>>>
>>>>> Microsoft SQL Seryer 2008 (RTM) - 10.0A1600.22 (X64)
>>>>> Where it should probably be
>>>>> Microsoft SQL Server 2008 (RTM) - 10.0.1600.22 (X64)
>>>>>
>>>>> And this is with a 20 second delay!
>>>>>
>>>>> One way to increase the quality with little speed overhead would be an
>>>>> option to verify the character result of the blind binary search using
>>>>> an equals query and restarting just that character if the answer is not
>>>>> correct.
>>>>>
>>>>> This should only add one request per character, and be much more time
>>>>> efficient than using a longer delay, using a safe url in between every
>>>>> request, or other mitigations that would increase the result quality at
>>>>> higher cost.
>>>>>
>>>>> Any thoughts?
>>>>> --
>>>>> | Steven Pinkham, Security Consultant |
>>>>> | http://www.mavensecurity.com |
>>>>> | GPG public key ID CD31CAFB |
>
> --
> Andrés Riancho
> Director of Web Security at Rapid7 LLC
> Founder at Bonsai Information Security
> Project Leader at w3af

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia
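The verify-and-retry scheme the thread settles on (bisect each character with "greater than" questions, confirm the result with a single "equals" question, redo only that character on a mismatch), as an added simulation that is not sqlmap's code and sends nothing over a network. The `NoisyOracle` class is a constructed in-memory stand-in for a boolean inference channel; its `flip_at` knob is an assumed, deterministic error model that inverts chosen answers to mimic a mis-timed response under server load. `bisect_char`, `retrieve` and `compare` are names chosen for this example.

```python
"""Simulation of blind-inference character retrieval with and without the
per-character equality check. Added example, not sqlmap's implementation.
The oracle below is constructed: it answers from a string in memory."""

LO, HI = 32, 126  # printable ASCII code points searched by the bisection


class NoisyOracle:
    """Answers 'ord(secret[pos]) > value?' and 'ord(secret[pos]) == value?'
    the way a boolean inference channel would. Every answer whose 1-based
    sequence number is in `flip_at` is inverted (assumed error model for a
    response whose timing was disturbed). `requests` counts answers given,
    i.e. the requests a real client would have had to send."""

    def __init__(self, secret, flip_at=()):
        self.secret = secret
        self.flip_at = set(flip_at)
        self.requests = 0

    def _answer(self, truth):
        self.requests += 1
        return (not truth) if self.requests in self.flip_at else truth

    def greater_than(self, pos, value):
        return self._answer(ord(self.secret[pos]) > value)

    def equals(self, pos, value):
        return self._answer(ord(self.secret[pos]) == value)


def bisect_char(oracle, pos):
    """Binary search for the code point at `pos` using only '>' questions.
    The search has no redundancy: one wrong answer silently steers it to
    the wrong character."""
    lo, hi = LO, HI
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle.greater_than(pos, mid):
            lo = mid + 1
        else:
            hi = mid
    return lo


def retrieve(oracle, length, verify=False, max_attempts=3):
    """Retrieve `length` characters. With verify=True each bisected result is
    confirmed by one '==' question (the thread's "fast" verification) and
    the character is redone when that check fails. A real client would pause
    before retrying; the simulation simply loops."""
    out = []
    for pos in range(length):
        for _ in range(max_attempts):
            code = bisect_char(oracle, pos)
            if not verify or oracle.equals(pos, code):
                break
        out.append(chr(code))
    return "".join(out)


def compare(secret, flip_at=()):
    """Run both modes against the same error sequence and return
    (plain_result, plain_requests, verified_result, verified_requests)."""
    plain = NoisyOracle(secret, flip_at)
    checked = NoisyOracle(secret, flip_at)
    plain_result = retrieve(plain, len(secret))
    checked_result = retrieve(checked, len(secret), verify=True)
    return plain_result, plain.requests, checked_result, checked.requests


if __name__ == "__main__":
    for flips in ((), (3,), (3, 8)):
        print(flips, compare("Server", flips))
```

With no flipped answers the verified run costs exactly one extra request per character, which is the overhead estimated in the thread. Flipping answer 3 corrupts the bisection of the first character; only the verified run notices and recovers it. Flipping answers 3 and 8 corrupts both the bisection and its equality check, so the wrong character is accepted, which is the "also prone to errors" caveat in the reply: the check removes single-answer errors, not correlated ones.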