[sqlmap-users] UNION based sqli
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] UNION based sqli
|
From: Mauricio V. <mau...@gm...> - 2011-04-05 05:56:17
|
Hey all.
First id like to congratulate the team for the great tool and for sharing.
Im testing sqlmap on a local script i've created.
When i try to fingerprint the DBMS sqlmap starts using :
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
to do it. So its using a sqli blind technique to fetch the contents. I know
that this script supports UNION based inyections which would be much faster
to do. so my question is
1) Does sqlmap have a funcionality to fingerprint the contents of
information_schema.tables and information_schema.colums via a UNION based
inyection in order to get the databases, tables and columns ?
2) If so, which are the parameters to use ?
Thanks in Advance,
Mauricio
|
