Re: [sqlmap-users] Ctrl+C in detection phase
From: Miroslav S. <mir...@gm...> - 2011-02-15 21:37:48
Hi David.

Could you please explain a bit? What's the difference between the current (S)kip test and your proposed (o)ther test?

Skip test should skip to the next test in the list. Maybe we should rename it to the (S)kip current test.

kr

On Tue, Feb 15, 2011 at 10:32 PM, David Guimaraes <sk...@gm...> wrote:
> Hello, can I suggest a new feature? Why not put an option to advance to the
> next testing inside detection phase?
>
> Hypothetical example:
>
> [18:32:52] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based -
> WHERE or HAVING clause'
> [18:32:52] [PAYLOAD] 1499) AND
> 1366=CONVERT(INT,(CHAR(58)+CHAR(117)+CHAR(117)+CHAR(117)+CHAR(58)+(SELECT
> (CASE WHEN (1366=1366) THEN CHAR(49) ELSE CHAR(48)
> END))+CHAR(58)+CHAR(99)+CHAR(103)+CHAR(109)+CHAR(58))) AND (3656=3656
> ^C[18:32:52] [WARNING] Ctrl+C detected in detection phase
> How do you want to proceed? [(o)ther payload test/(S)kip test/(e)nd
> detection phase/(n)ext parameter/(q)uit] o
> [18:32:54] [PAYLOAD] 1499' AND
> 1366=CONVERT(INT,(CHAR(58)+CHAR(117)+CHAR(117)+CHAR(117)+CHAR(58)+(SELECT
> (CASE WHEN (1366=1366) THEN CHAR(49) ELSE CHAR(48)
> END))+CHAR(58)+CHAR(99)+CHAR(103)+CHAR(109)+CHAR(58))) AND '3656'='3656
> [18:32:54] [PAYLOAD] 1499 AND
> 1366=CONVERT(INT,(CHAR(58)+CHAR(117)+CHAR(117)+CHAR(117)+CHAR(58)+(SELECT
> (CASE WHEN (1366=1366) THEN CHAR(49) ELSE CHAR(48)
> END))+CHAR(58)+CHAR(99)+CHAR(103)+CHAR(109)+CHAR(58))) AND 3656=3656
>
> Why? Because there are some cases where the actual testing query hangs the
> server (as I am suffering this right now with the first payload query) and
> the detection phase can't continue (trying to reconnect or increasing the
> read-timeout doesn't work)... so, with this option, there is some chance that
> another payload with fewer or more brackets or quotation marks could
> succeed.
>
> Just a suggestion =)
>
> David

--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
Alternate: miroslav.stampar (at) mail.ru
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia