[sqlmap-users] Little tip in predict output.
From: Rodrigo Z. S. <rod...@gm...> - 2014-09-07 19:34:58
Hi friends. I found a SQL injection in one page before I even knew about this great tool. It works in a simple way: I can get any character from the table, then I convert it to a number and it downloads a bank page. (I don't know how to translate it to English.) Anyway, this page has a unique number. So, I list all the unique numbers from 1 to 255. If my SQL downloads one page, I just compare the number and get the value. With it, I can get anything (even files).

But sqlmap has a good and very well tested way to dump the database. Mine was crap. So, how can I translate this to the program? Although it CAN download the database, I can make it faster. The program gets some letters and tests them with "greater than" a number. I can speed it up because every download WILL return one value. But the irony is that I will need to use only one thread. Lol, this is useless. What are my options? :D

Just to be clear, I run a SQL command, it returns, like, id=78, and downloads one page (I can't get the URL of the returned page). After I download it (40kb), I run a small Python command to parse the number (just get the text between two texts), then just compare in a case and get the value. Any tip?