Re: [sqlmap-users] UNION based sqli
From: Miroslav S. <mir...@gm...> - 2011-04-05 06:16:32
hi Mauricio.

the assumption is that you are using the latest v0.9/dev.

if you are getting only "boolean-based blind" as the result of the detection phase then that's the only technique that can be used in further steps. but, if you are getting more techniques, then they'll be used in their speed order:

1) UNION
2) ERROR
3) BLIND
4) TIMED
5) STACKED

all techniques can be used for all enumerations.

in case you are not getting the UNION technique as a result of the detection phase then it would be good to use something like:

--level=3 --risk=2

(more techniques and boundary prefixes/suffixes will be used)

in the default run there will be a test against a UNION based injection up to 10 columns, but with a higher level it will test more (e.g. --level=2 --> 1-10 & 10-20; --level=3 --> 1-10 & 10-20 & 20-30). in case you know the number of columns to be between 10 and 15 you can use the default settings and only put --union-cols=10-15

one more thing about the information_schema database. the assumption is that the MySQL DBMS is > 4 and that there are no read restrictions on it.

kr

On Tue, Apr 5, 2011 at 7:56 AM, Mauricio Velazco <mau...@gm...> wrote:

> Hey all.
>
> First I'd like to congratulate the team for the great tool and for sharing.
> I'm testing sqlmap on a local script I've created.
>
> When I try to fingerprint the DBMS sqlmap starts using:
>
> Type: boolean-based blind
> Title: AND boolean-based blind - WHERE or HAVING clause
>
> to do it. So it's using a sqli blind technique to fetch the contents. I know
> that this script supports UNION based injections which would be much faster
> to do. So my question is:
>
> 1) Does sqlmap have a functionality to fingerprint the contents of
> information_schema.tables and information_schema.columns via a UNION based
> injection in order to get the databases, tables and columns?
>
> 2) If so, which are the parameters to use?
>
> Thanks in Advance,
>
> Mauricio

--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B