Re: [sqlmap-users] Planning sqlmap 1.0
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Planning sqlmap 1.0
|
From: <bu...@gm...> - 2011-05-04 12:27:49
|
On 05/04/2011 12:15 PM, Bernardo Damele A. G. wrote: > * Confirm injection in another page (feature requested by someone on > the mailing list) Great! > * Implement out-of-band for data fetching: we may possibly implement > this. It would be split down in the following functions: > * HTTP requests (Oracle UTL_HTTP) > * UNC paths (can be done in all DBMS afaik) > * openrowset (to replicate dbms remotely on MSSQL) > * db_link() (to replicate dbms remotely on PgSQL) Will this also include DNS based exfiltration? (UTL_INADDR, ..) http://article.gmane.org/gmane.comp.security.sqlmap/1073 |
