Re: [sqlmap-users] DNS Exfiltration
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] DNS Exfiltration
|
From: <bu...@gm...> - 2012-02-21 20:14:58
|
On 02/24/2011 11:43 AM, Bernardo Damele A. G. wrote: > Hi, > > There exist two families of out-of-band techniques: > > * oob to takeover the database server and get command execution on the > underlying os: sqlmap implements several techniques to achieve this > already both via tcp and icmp channel. Support for takeover oob via > dns channel (udp) is planned and will be possibly added to 1.0. > > * oob to exfiltrate data from the database: you refer to this. sqlmap > does not implement yet any technique. This can be achieved on a number > of dbms via either tcp or udp channels (mssql openrowset, pgsql > db_link, oracle utl_*, ...) This is planned and will potentially make > it for 1.0 release. What is the current state on DNS exfiltration in sqlmap? thanks, buawig |
