Re: [sqlmap-users] Comparative precomputation
From: Miroslav S. <mir...@gm...> - 2013-02-20 07:15:37
Hi.

In theory this works, in practice it doesn't. We already overturned 2-3 guys proposing this. Today's pages are too dynamic (banners, promos, etc.). Also, you would need a parameter value with a big covering range (lots of different values).

Also, whoever wrote this doesn't have a clue about this subject: 'The attacker would then take a checksum of the returned html data'. This is being done in kiddish scripts. A real SQLi tool knows that a checksum is faaar from reliable.

Anyway, the answer is no.

Kind regards,
Miroslav Stampar

On Feb 20, 2013 2:11 AM, "Julius Kivimäki" <jul...@gm...> wrote:
> Should probably look into adding this,
> http://www.blackhatlibrary.net/SQL_injection/Blind/Comparative_precomputation