Re: [sqlmap-users] check this out
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] check this out
|
From: Miroslav S. <mir...@gm...> - 2011-12-03 19:37:04
|
Hi. This and similar techniques are of no practical value in real life. "Network latency" as the author has mentioned is something undeterministic and in real life you can't just use some fixed predetermined calculated value for it. In real life either something is delayed or is not delayed. "Indexing" or similar time-based techniques that are brought to life once in a month can be implemented and tested on local, or some non-distant remote computer, but anything than that is pure science fiction. I'll repeat, network latency can't be calculated, it's undeterministic and because of those hard facts the optimal and only real-life scenario for time-based payloads is: A) something is delayed or B) something is not delayed (<- this is also a very problematic to "distinguish", so everything than that, I'll repeat, is pure SciFi) Kind regards, Miroslav Stampar On Sat, Dec 3, 2011 at 6:40 PM, Adi Mutu <adi...@ya...> wrote: > Hi guys, > > I haven't watched very closely sqlmap lately, but i wanted to show you > this technique: > http://seclists.org/fulldisclosure/2011/Dec/71 > > What do you think? I don't think it's already in sqlmap, is it? > > Cheers, > A. > > > ------------------------------------------------------------------------------ > All the data continuously generated in your IT infrastructure > contains a definitive record of customers, application performance, > security threats, fraudulent activity, and more. Splunk takes this > data and makes sense of it. IT sense. And common sense. > http://p.sf.net/sfu/splunk-novd2d > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
