Thread: [sqlmap-users] Providing multiple dbms
Brought to you by:
inquisb
Menu
▾
▴
sqlmap-users
|
From: Sebastian N. <seb...@sy...> - 2013-05-29 15:22:49
Attachments:
signature.asc
|
Hi, is it possible to provide multiple dbms? In some cases, one does know that it might be e.g. MySQL or PostgreSQL or Oracle. all the best, Sebastian Nerz -- Sebastian Nerz Dipl.-Inform. IT-Security Consultant mailto:seb...@sy... ___________________________________________________________ SySS GmbH Wohlboldstraße 8 72072 Tübingen Germany Voice: +49 7071 407856-31 Fax: +49 7071 407856-19 WWW: http://www.syss.de PGP FP: 79DC 2CEC D18D F92F CBB4 AF09 D12D 26A4 9180 FDB2 Geschaeftsfuehrer Sebastian Schreiber Registergericht: Amtsgericht Stuttgart / HRB 382420 Steuernummer: 86118 / 55809 |
|
From: Miroslav S. <mir...@gm...> - 2013-05-29 15:29:23
|
Hi Sebastian. No, it's not possible. The question is why do you want to provide any DBMS in that case? Why don't you just skip the option --dbms and don't use it. sqlmap will then do tests against all possible DBMSes the best it can. Kind regards, Miroslav Stampar On Wed, May 29, 2013 at 5:22 PM, Sebastian Nerz <seb...@sy...>wrote: > Hi, > > is it possible to provide multiple dbms? In some cases, one does know > that it might be e.g. MySQL or PostgreSQL or Oracle. > > all the best, > > Sebastian Nerz > -- > Sebastian Nerz > Dipl.-Inform. > IT-Security Consultant > > mailto:seb...@sy... > ___________________________________________________________ > > SySS GmbH > Wohlboldstraße 8 > 72072 Tübingen > Germany > Voice: +49 7071 407856-31 > Fax: +49 7071 407856-19 > WWW: http://www.syss.de > > PGP FP: 79DC 2CEC D18D F92F CBB4 AF09 D12D 26A4 9180 FDB2 > > Geschaeftsfuehrer Sebastian Schreiber > Registergericht: Amtsgericht Stuttgart / HRB 382420 > Steuernummer: 86118 / 55809 > > > > > ------------------------------------------------------------------------------ > Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET > Get 100% visibility into your production application - at no cost. > Code-level diagnostics for performance bottlenecks with <2% overhead > Download for free and get started troubleshooting in minutes. > http://p.sf.net/sfu/appdyn_d2d_ap1 > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
|
From: Bernardo D. A. G. <ber...@gm...> - 2013-05-29 15:40:32
|
Sebastian, Launch with --test-filter "MySQL|PostgreSQL|Oracle". sqlmap will only try related payloads. Bernardo On 29 May 2013 16:29, Miroslav Stampar <mir...@gm...> wrote: > Hi Sebastian. > > No, it's not possible. The question is why do you want to provide any DBMS > in that case? Why don't you just skip the option --dbms and don't use it. > sqlmap will then do tests against all possible DBMSes the best it can. > > Kind regards, > Miroslav Stampar > > > On Wed, May 29, 2013 at 5:22 PM, Sebastian Nerz <seb...@sy...> > wrote: >> >> Hi, >> >> is it possible to provide multiple dbms? In some cases, one does know >> that it might be e.g. MySQL or PostgreSQL or Oracle. >> >> all the best, >> >> Sebastian Nerz >> -- >> Sebastian Nerz >> Dipl.-Inform. >> IT-Security Consultant >> >> mailto:seb...@sy... >> ___________________________________________________________ >> >> SySS GmbH >> Wohlboldstraße 8 >> 72072 Tübingen >> Germany >> Voice: +49 7071 407856-31 >> Fax: +49 7071 407856-19 >> WWW: http://www.syss.de >> >> PGP FP: 79DC 2CEC D18D F92F CBB4 AF09 D12D 26A4 9180 FDB2 >> >> Geschaeftsfuehrer Sebastian Schreiber >> Registergericht: Amtsgericht Stuttgart / HRB 382420 >> Steuernummer: 86118 / 55809 >> >> >> >> >> ------------------------------------------------------------------------------ >> Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET >> Get 100% visibility into your production application - at no cost. >> Code-level diagnostics for performance bottlenecks with <2% overhead >> Download for free and get started troubleshooting in minutes. >> http://p.sf.net/sfu/appdyn_d2d_ap1 >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> > > > > -- > Miroslav Stampar > http://about.me/stamparm > > ------------------------------------------------------------------------------ > Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET > Get 100% visibility into your production application - at no cost. > Code-level diagnostics for performance bottlenecks with <2% overhead > Download for free and get started troubleshooting in minutes. > http://p.sf.net/sfu/appdyn_d2d_ap1 > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) |
|
From: Miroslav S. <mir...@gm...> - 2013-05-29 15:46:52
|
Hi. Problem with this approach is that only payloads specific for those payloads will be used, skipping all generic ones. To further address the issue suggested option is: --test-filter "MySQL|PostgreSQL|Oracle|Generic" Nevertheless, in vast majority of cases, default sqlmap run and/or --level=5 --risk=3 is more recommended (at least in your case) than --test-filter. Kind regards, Miroslav Stampar On Wed, May 29, 2013 at 5:40 PM, Bernardo Damele A. G. < ber...@gm...> wrote: > Sebastian, > > Launch with --test-filter "MySQL|PostgreSQL|Oracle". sqlmap will only > try related payloads. > > Bernardo > > > On 29 May 2013 16:29, Miroslav Stampar <mir...@gm...> wrote: > > Hi Sebastian. > > > > No, it's not possible. The question is why do you want to provide any > DBMS > > in that case? Why don't you just skip the option --dbms and don't use it. > > sqlmap will then do tests against all possible DBMSes the best it can. > > > > Kind regards, > > Miroslav Stampar > > > > > > On Wed, May 29, 2013 at 5:22 PM, Sebastian Nerz <seb...@sy...> > > wrote: > >> > >> Hi, > >> > >> is it possible to provide multiple dbms? In some cases, one does know > >> that it might be e.g. MySQL or PostgreSQL or Oracle. > >> > >> all the best, > >> > >> Sebastian Nerz > >> -- > >> Sebastian Nerz > >> Dipl.-Inform. > >> IT-Security Consultant > >> > >> mailto:seb...@sy... > >> ___________________________________________________________ > >> > >> SySS GmbH > >> Wohlboldstraße 8 > >> 72072 Tübingen > >> Germany > >> Voice: +49 7071 407856-31 > >> Fax: +49 7071 407856-19 > >> WWW: http://www.syss.de > >> > >> PGP FP: 79DC 2CEC D18D F92F CBB4 AF09 D12D 26A4 9180 FDB2 > >> > >> Geschaeftsfuehrer Sebastian Schreiber > >> Registergericht: Amtsgericht Stuttgart / HRB 382420 > >> Steuernummer: 86118 / 55809 > >> > >> > >> > >> > >> > ------------------------------------------------------------------------------ > >> Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET > >> Get 100% visibility into your production application - at no cost. > >> Code-level diagnostics for performance bottlenecks with <2% overhead > >> Download for free and get started troubleshooting in minutes. > >> http://p.sf.net/sfu/appdyn_d2d_ap1 > >> _______________________________________________ > >> sqlmap-users mailing list > >> sql...@li... > >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users > >> > > > > > > > > -- > > Miroslav Stampar > > http://about.me/stamparm > > > > > ------------------------------------------------------------------------------ > > Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET > > Get 100% visibility into your production application - at no cost. > > Code-level diagnostics for performance bottlenecks with <2% overhead > > Download for free and get started troubleshooting in minutes. > > http://p.sf.net/sfu/appdyn_d2d_ap1 > > _______________________________________________ > > sqlmap-users mailing list > > sql...@li... > > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > > > -- > Bernardo Damele A. G. > > E-mail / Jabber: bernardo.damele (at) gmail.com > Mobile: +447788962949 (UK 07788962949) > -- Miroslav Stampar http://about.me/stamparm |
|
From: Miroslav S. <mir...@gm...> - 2013-05-29 15:48:53
|
p.s. correction of mistype: "payloads specific for those payloads" -> "payloads specific for those DBMSes" On Wed, May 29, 2013 at 5:46 PM, Miroslav Stampar < mir...@gm...> wrote: > Hi. > > Problem with this approach is that only payloads specific for those > payloads will be used, skipping all generic ones. > > To further address the issue suggested option is: > --test-filter "MySQL|PostgreSQL|Oracle|Generic" > > Nevertheless, in vast majority of cases, default sqlmap run and/or > --level=5 --risk=3 is more recommended (at least in your case) than > --test-filter. > > Kind regards, > Miroslav Stampar > > > On Wed, May 29, 2013 at 5:40 PM, Bernardo Damele A. G. < > ber...@gm...> wrote: > >> Sebastian, >> >> Launch with --test-filter "MySQL|PostgreSQL|Oracle". sqlmap will only >> try related payloads. >> >> Bernardo >> >> >> On 29 May 2013 16:29, Miroslav Stampar <mir...@gm...> >> wrote: >> > Hi Sebastian. >> > >> > No, it's not possible. The question is why do you want to provide any >> DBMS >> > in that case? Why don't you just skip the option --dbms and don't use >> it. >> > sqlmap will then do tests against all possible DBMSes the best it can. >> > >> > Kind regards, >> > Miroslav Stampar >> > >> > >> > On Wed, May 29, 2013 at 5:22 PM, Sebastian Nerz <seb...@sy... >> > >> > wrote: >> >> >> >> Hi, >> >> >> >> is it possible to provide multiple dbms? In some cases, one does know >> >> that it might be e.g. MySQL or PostgreSQL or Oracle. >> >> >> >> all the best, >> >> >> >> Sebastian Nerz >> >> -- >> >> Sebastian Nerz >> >> Dipl.-Inform. >> >> IT-Security Consultant >> >> >> >> mailto:seb...@sy... >> >> ___________________________________________________________ >> >> >> >> SySS GmbH >> >> Wohlboldstraße 8 >> >> 72072 Tübingen >> >> Germany >> >> Voice: +49 7071 407856-31 >> >> Fax: +49 7071 407856-19 >> >> WWW: http://www.syss.de >> >> >> >> PGP FP: 79DC 2CEC D18D F92F CBB4 AF09 D12D 26A4 9180 FDB2 >> >> >> >> Geschaeftsfuehrer Sebastian Schreiber >> >> Registergericht: Amtsgericht Stuttgart / HRB 382420 >> >> Steuernummer: 86118 / 55809 >> >> >> >> >> >> >> >> >> >> >> ------------------------------------------------------------------------------ >> >> Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET >> >> Get 100% visibility into your production application - at no cost. >> >> Code-level diagnostics for performance bottlenecks with <2% overhead >> >> Download for free and get started troubleshooting in minutes. >> >> http://p.sf.net/sfu/appdyn_d2d_ap1 >> >> _______________________________________________ >> >> sqlmap-users mailing list >> >> sql...@li... >> >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> >> > >> > >> > >> > -- >> > Miroslav Stampar >> > http://about.me/stamparm >> > >> > >> ------------------------------------------------------------------------------ >> > Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET >> > Get 100% visibility into your production application - at no cost. >> > Code-level diagnostics for performance bottlenecks with <2% overhead >> > Download for free and get started troubleshooting in minutes. >> > http://p.sf.net/sfu/appdyn_d2d_ap1 >> > _______________________________________________ >> > sqlmap-users mailing list >> > sql...@li... >> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> > >> >> >> >> -- >> Bernardo Damele A. G. >> >> E-mail / Jabber: bernardo.damele (at) gmail.com >> Mobile: +447788962949 (UK 07788962949) >> > > > > -- > Miroslav Stampar > http://about.me/stamparm > -- Miroslav Stampar http://about.me/stamparm |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X