Re: [sqlmap-users] Re-retrieving wrong data?
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Re-retrieving wrong data?
|
From: Bernardo D. A. G. <ber...@gm...> - 2013-02-13 10:03:31
|
Hi, On 13 February 2013 09:56, Владимир Мартьянов <vil...@gm...> wrote: >> >> Morale of story goes like this. Time-based injections are fragile and you'll need to have LOTS of patience with those. >> > I know... But if it's the only one way I have no choice. Have you considered giving a go to --dns-domain to verify whether or not you could exfiltrate data out-of-band via DNS requests? This has been implemented in sqlmap in mid 2012 and is documented by Miroslav here[1] and here[2]. [1] http://www.slideshare.net/stamparm/dns-exfiltration-using-sqlmap-13163281 [2] http://www.slideshare.net/stamparm/ph-days-2012miroslavstampardataretrievaloverdnsinsqlinjectionattackspaper -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) |
