Thread: [sqlmap-users] Feature Request - Select Specific Test
From: Yori K. <yo...@co...> - 2012-06-13 20:50:04
Hey Everyone,

New to the list but have been using sqlmap for a while now. I recently participated in a CTF with an interesting blind, filter bypass SQL injection. Lots of restrictions. I set a challenge for myself to solve it using sqlmap and managed to get it working with some effort. The changes I had to make to get it to work included modifications to queries.xml as well as specific arguments, but most of what I'm going to request here is about payloads.xml.

In trying to solve the challenge, I realized I needed to make sqlmap laser focus on a single test. This was both for false negative reduction, number of queries sent, and time limit. I did this myself by removing every other test from payloads.xml but it brought to mind the idea of being able to specify a test via command line arguments. You can specify pretty much everything else on the command line, so the added granularity would be nice.

My philosophy on SQL injection is that testing for it should be done manually, then once found, get a tool like sqlmap to work with it and perform all the time-consuming brute forcing work for you. With that in mind it makes sense to be able to specify a test/payload combination that you have found and you know is working.

Thanks for your consideration. Excellent work on the tool.

- Yori

From: Miroslav S. <mir...@gm...> - 2012-06-13 22:42:34
Hi Yori.

"With that in mind it makes sense to be able to specify a test/payload combination that you have found and you know is working."

We already have two mechanisms for such a thing:
1) --prefix/--suffix where you can specify what are the prefix and suffix of SQL injection vector (e.g. --prefix="'" --suffix="-- " )
2) --test-filter (hidden at this moment) where you can target a specific test by its name or payload (e.g. --test-filter="ROW" would trigger MySQL error-based injection test based on old ROW(..,..)>... technique)

Now, please, if you have something other on your mind please tell so we could discuss and maybe find some other mechanism (if those 2 don't satisfy your needs)

Kind regards,
Miroslav Stampar

--
Miroslav Stampar
http://about.me/stamparm

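Added example, not part of the original thread and not sqlmap's own code: a sketch of what selecting a test "by its name or payload" amounts to, and a check that a filter isolates exactly one test. The XML layout, titles, placeholder payloads, function names and the matching rule (case-insensitive regex with a literal fallback) are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed, simplified test list; titles and payloads are placeholders,
# not entries copied from sqlmap's payloads.xml.
SAMPLE_XML = """
<root>
  <test><title>MySQL error-based - WHERE clause (ROW)</title>
        <request><payload>PLACEHOLDER ROW(..,..)&gt;...</payload></request></test>
  <test><title>MySQL error-based - WHERE clause (other)</title>
        <request><payload>PLACEHOLDER_B</payload></request></test>
  <test><title>MySQL time-based blind</title>
        <request><payload>PLACEHOLDER_C</payload></request></test>
  <test><title>PostgreSQL error-based - WHERE clause</title>
        <request><payload>PLACEHOLDER_D</payload></request></test>
</root>
"""

def load_tests(xml_text):
    """Return (title, payload) pairs for every <test> element."""
    root = ET.fromstring(xml_text)
    return [(t.findtext("title", "").strip(), t.findtext(".//payload", "").strip())
            for t in root.iter("test")]

def filter_tests(tests, test_filter):
    """Keep tests whose title or payload matches the filter.
    Assumption: case-insensitive regex search; a filter that is not a valid
    regex (e.g. an unbalanced parenthesis) is matched as literal text."""
    try:
        pattern = re.compile(test_filter, re.I)
    except re.error:
        pattern = re.compile(re.escape(test_filter), re.I)
    return [t for t in tests if pattern.search(t[0]) or pattern.search(t[1])]

def select_single(tests, test_filter):
    """Return the only matching test; refuse filters that match 0 or 2+ tests."""
    matches = filter_tests(tests, test_filter)
    if len(matches) != 1:
        raise ValueError("filter %r matched %d tests: %s"
                         % (test_filter, len(matches), [m[0] for m in matches]))
    return matches[0]

if __name__ == "__main__":
    tests = load_tests(SAMPLE_XML)
    for f in ("ROW", "ROW(", "error-based"):
        print(f, "->", [title for title, _ in filter_tests(tests, f)])
    print("selected:", select_single(tests, "ROW")[0])
```

A filter that is too broad ("error-based" here) leaves several tests active, so checking the match count before a run confirms that only the intended test will be sent.
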
From: Yori K. <yo...@co...> - 2012-06-14 13:50:05
Miroslav,

It looks like --test-filter is what I need. I don't need a custom suffix and prefix, I just need to force sqlmap to use a specific test it already has in its collection of payloads.xml and only that test. If I can use test-filter to select exactly the test I need and sqlmap will only use that one, then I think my needs are filled.

Much appreciated.

- Yori

From: Miroslav S. <mir...@gm...> - 2012-06-14 13:51:20
Ok. Cool :)

We'll most probably unhide that switch these days as it's a quite usable one.

Kind regards

--
Miroslav Stampar
http://about.me/stamparm

From: Miroslav S. <mir...@gm...> - 2012-06-14 14:16:44
Find it unhidden with the latest r5123.

Kind regards

--
Miroslav Stampar
http://about.me/stamparm