Re: [sqlmap-users] Adding regexp technique
From: Miroslav S. <mir...@gm...> - 2012-09-27 08:12:07
Hi Jerome.

Could you explain how "regexp attacks" are different than blind-based inference (in terms of "faster")? Could you explain how "regexp attacks" could be used in time-based attacks (in terms of "faster") in real life situations where network lags are non-deterministic?

My 2-cents. That paper is known to me from the time it got out. Personally I don't like it because here and there I need to explain what's wrong with it. It's an example of what "far fetched" means. Last couple of graphs are doing a comparison between "normal" and "regex", while what is called "normal" is not used anywhere. What they are calling "normal" is nothing else than a sequential lookup for a character value. Anyone normal is using at least some kind of O(Log2n) binary search in their tools/scripts. In short, "regexp attack" is the same thing as any other binary search method.

We use in sqlmap an approach that is graphically described at [1]. Also, you are welcome to watch for all the payloads that are coming out from sqlmap in `--technique=B` mode by using `-v 3`. Count them down per each character and freely compare to their results.

Kind regards,
Miroslav Stampar

[1] Slide 35, http://www.slideshare.net/stamparm/euro-python-2011miroslavstamparsqlmapsecuritydevelopmentinpython

On Wed, Sep 26, 2012 at 8:13 PM, Jerome Athias <ath...@gm...> wrote:
> Hi,
>
> I am currently trying to add the support of the regexp technique (
> http://www.ihteam.net/papers/blind-sqli-regexp-attack.pdf ) for blind
> sqli.
> It is faster than Time-based blind SQL injection.
> I have some problems to define the correct queries and payloads in the
> xml files.
> Did someone already work on it?
>
> Regards
> /JA

--
Miroslav Stampar
http://about.me/stamparm
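
The query-count argument in the message above can be checked offline. The following is an added example, not part of the original message and not sqlmap's code: it counts true/false questions per strategy against a local in-memory oracle. The names `Oracle`, `sequential`, `bisection`, `regex_ranges` and `compare`, the 95-value printable-ASCII range and the sample string are all assumptions made for illustration.

```python
import re
LO, HI = 32, 126  # assumed alphabet: printable ASCII, 95 candidate values

class Oracle:
    """Local true/false oracle over a constructed secret; counts questions."""
    def __init__(self, secret):
        self.secret, self.queries = secret, 0
    def ask(self, predicate, pos):
        self.queries += 1
        return predicate(self.secret[pos])

def sequential(oracle, pos):
    # Sequential lookup: try each candidate value in turn (O(n) per character).
    for code in range(LO, HI + 1):
        if oracle.ask(lambda ch: ord(ch) == code, pos):
            return chr(code)

def bisection(oracle, pos):
    # Halve the candidate range with a greater-than comparison (O(log2 n)).
    lo, hi = LO, HI
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle.ask(lambda ch: ord(ch) > mid, pos):
            lo = mid + 1
        else:
            hi = mid
    return chr(lo)

def regex_ranges(oracle, pos):
    # Halve the same range, asking with a character-class match instead.
    lo, hi = LO, HI
    while lo < hi:
        mid = (lo + hi) // 2
        pattern = re.compile("[\\x%02x-\\x%02x]" % (lo, mid))
        if oracle.ask(lambda ch: pattern.fullmatch(ch) is not None, pos):
            hi = mid
        else:
            lo = mid + 1
    return chr(lo)

def compare(secret):
    """Return {strategy name: total oracle questions} for one secret."""
    counts = {}
    for strategy in (sequential, bisection, regex_ranges):
        oracle = Oracle(secret)
        found = "".join(strategy(oracle, i) for i in range(len(secret)))
        assert found == secret  # every strategy must recover the same value
        counts[strategy.__name__] = oracle.queries
    return counts
```

Calling `compare("sqlmap-users")` (a constructed sample value) gives identical totals for `bisection` and `regex_ranges`, 6 or 7 questions per character, while `sequential` needs one question per candidate value up to the match.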