Thread: [sqlmap-users] Call for common table names
Brought to you by:
inquisb
Menu
▾
▴
sqlmap-users
|
From: Miroslav S. <mir...@gm...> - 2010-09-29 12:20:14
|
Hi. We are currently adding new feature into sqlmap for retrieving table names when database (information_) schema is missing and/or sqlmap is unable to extract table names via normal ways. Basic injection vector is: ...AND EXISTS(SELECT 1 FROM <table_name>)... So, if you have some knowledge to share please do. PHP, Joomla, Wordpress,... everything is more than welcome, except database system tables. We have those more than enough ;) Bye. -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
|
From: Andres R. <and...@gm...> - 2010-09-29 12:24:33
|
Maybe if you search google's codesearch for "create table ..." inside. sql files and automate the result extraction you would get something really cool :) Regards, -- Andres Riancho El sep 29, 2010 9:21 a.m., "Miroslav Stampar" <mir...@gm...> escribió: Hi. We are currently adding new feature into sqlmap for retrieving table names when database (information_) schema is missing and/or sqlmap is unable to extract table names via normal ways. Basic injection vector is: ...AND EXISTS(SELECT 1 FROM <table_name>)... So, if you have some knowledge to share please do. PHP, Joomla, Wordpress,... everything is more than welcome, except database system tables. We have those more than enough ;) Bye. -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia ------------------------------------------------------------------------------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev _______________________________________________ sqlmap-users mailing list sql...@li... https://lists.sourceforge.net/lists/listinfo/sqlmap-users |
|
From: Miroslav S. <mir...@gm...> - 2010-09-29 12:28:04
|
to be honest, this is great idea :) i've tried it and it really shows some really cool stuff :) will do this because i am more than interested what will be the results. once again, great idea On Wed, Sep 29, 2010 at 2:24 PM, Andres Riancho <and...@gm...> wrote: > Maybe if you search google's codesearch for "create table ..." inside. sql > files and automate the result extraction you would get something really cool > :) > > Regards, > -- > Andres Riancho > > El sep 29, 2010 9:21 a.m., "Miroslav Stampar" <mir...@gm...> > escribió: > > Hi. > > We are currently adding new feature into sqlmap for retrieving table > names when database (information_) schema is missing and/or sqlmap is > unable to extract table names via normal ways. > > Basic injection vector is: ...AND EXISTS(SELECT 1 FROM <table_name>)... > > So, if you have some knowledge to share please do. > > PHP, Joomla, Wordpress,... everything is more than welcome, except > database system tables. We have those more than enough ;) > > Bye. > > -- > Miroslav Stampar > > E-mail / Jabber: miroslav.stampar (at) gmail.com > Mobile: +385921010204 (HR 0921010204) > PGP Key ID: 0xB5397B1B > Location: Zagreb, Croatia > > ------------------------------------------------------------------------------ > Start uncovering the many advantages of virtual appliances > and start using them to simplify application deployment and > accelerate your shift to cloud computing. > http://p.sf.net/sfu/novell-sfdev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
|
From: Miroslav S. <mir...@gm...> - 2010-09-29 14:45:28
|
program is done. i've run it partially for first 40 pages of Google results and will leave it to run for whole night for the rest. if someone is interested for the complete sorted list of pairs (table_name, count) give me a private mail and i'll send it to you. kind regards. p.s. first ten are at this moment: users,20 user,14 comments,12 sessions,10 categories,10 customers,10 customer,10 orders,9 log,8 category,7 On Wed, Sep 29, 2010 at 2:27 PM, Miroslav Stampar <mir...@gm...> wrote: > to be honest, this is great idea :) > > i've tried it and it really shows some really cool stuff :) > > will do this because i am more than interested what will be the results. > > once again, great idea > > On Wed, Sep 29, 2010 at 2:24 PM, Andres Riancho > <and...@gm...> wrote: >> Maybe if you search google's codesearch for "create table ..." inside. sql >> files and automate the result extraction you would get something really cool >> :) >> >> Regards, >> -- >> Andres Riancho >> >> El sep 29, 2010 9:21 a.m., "Miroslav Stampar" <mir...@gm...> >> escribió: >> >> Hi. >> >> We are currently adding new feature into sqlmap for retrieving table >> names when database (information_) schema is missing and/or sqlmap is >> unable to extract table names via normal ways. >> >> Basic injection vector is: ...AND EXISTS(SELECT 1 FROM <table_name>)... >> >> So, if you have some knowledge to share please do. >> >> PHP, Joomla, Wordpress,... everything is more than welcome, except >> database system tables. We have those more than enough ;) >> >> Bye. >> >> -- >> Miroslav Stampar >> >> E-mail / Jabber: miroslav.stampar (at) gmail.com >> Mobile: +385921010204 (HR 0921010204) >> PGP Key ID: 0xB5397B1B >> Location: Zagreb, Croatia >> >> ------------------------------------------------------------------------------ >> Start uncovering the many advantages of virtual appliances >> and start using them to simplify application deployment and >> accelerate your shift to cloud computing. >> http://p.sf.net/sfu/novell-sfdev2dev >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> > > > > -- > Miroslav Stampar > > E-mail / Jabber: miroslav.stampar (at) gmail.com > Mobile: +385921010204 (HR 0921010204) > PGP Key ID: 0xB5397B1B > Location: Zagreb, Croatia > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
|
From: Andres R. <and...@gm...> - 2010-09-29 15:08:31
|
I'm more interested in the script :) On Wed, Sep 29, 2010 at 11:38 AM, Miroslav Stampar <mir...@gm...> wrote: > program is done. i've run it partially for first 40 pages of Google > results and will leave it to run for whole night for the rest. > > if someone is interested for the complete sorted list of pairs > (table_name, count) give me a private mail and i'll send it to you. > > kind regards. > > p.s. first ten are at this moment: > > users,20 > user,14 > comments,12 > sessions,10 > categories,10 > customers,10 > customer,10 > orders,9 > log,8 > category,7 > > > On Wed, Sep 29, 2010 at 2:27 PM, Miroslav Stampar > <mir...@gm...> wrote: >> to be honest, this is great idea :) >> >> i've tried it and it really shows some really cool stuff :) >> >> will do this because i am more than interested what will be the results. >> >> once again, great idea >> >> On Wed, Sep 29, 2010 at 2:24 PM, Andres Riancho >> <and...@gm...> wrote: >>> Maybe if you search google's codesearch for "create table ..." inside. sql >>> files and automate the result extraction you would get something really cool >>> :) >>> >>> Regards, >>> -- >>> Andres Riancho >>> >>> El sep 29, 2010 9:21 a.m., "Miroslav Stampar" <mir...@gm...> >>> escribió: >>> >>> Hi. >>> >>> We are currently adding new feature into sqlmap for retrieving table >>> names when database (information_) schema is missing and/or sqlmap is >>> unable to extract table names via normal ways. >>> >>> Basic injection vector is: ...AND EXISTS(SELECT 1 FROM <table_name>)... >>> >>> So, if you have some knowledge to share please do. >>> >>> PHP, Joomla, Wordpress,... everything is more than welcome, except >>> database system tables. We have those more than enough ;) >>> >>> Bye. >>> >>> -- >>> Miroslav Stampar >>> >>> E-mail / Jabber: miroslav.stampar (at) gmail.com >>> Mobile: +385921010204 (HR 0921010204) >>> PGP Key ID: 0xB5397B1B >>> Location: Zagreb, Croatia >>> >>> ------------------------------------------------------------------------------ >>> Start uncovering the many advantages of virtual appliances >>> and start using them to simplify application deployment and >>> accelerate your shift to cloud computing. >>> http://p.sf.net/sfu/novell-sfdev2dev >>> _______________________________________________ >>> sqlmap-users mailing list >>> sql...@li... >>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>> >> >> >> >> -- >> Miroslav Stampar >> >> E-mail / Jabber: miroslav.stampar (at) gmail.com >> Mobile: +385921010204 (HR 0921010204) >> PGP Key ID: 0xB5397B1B >> Location: Zagreb, Croatia >> > > > > -- > Miroslav Stampar > > E-mail / Jabber: miroslav.stampar (at) gmail.com > Mobile: +385921010204 (HR 0921010204) > PGP Key ID: 0xB5397B1B > Location: Zagreb, Croatia > -- Andrés Riancho Founder, Bonsai - Information Security http://www.bonsai-sec.com/ http://w3af.sf.net/ |
|
From: shaohua p. <pa...@kn...> - 2010-09-29 15:40:41
|
great! after all, this feature really come to true . On Wed, Sep 29, 2010 at 11:08 PM, Andres Riancho <and...@gm...>wrote: > I'm more interested in the script :) > > On Wed, Sep 29, 2010 at 11:38 AM, Miroslav Stampar > <mir...@gm...> wrote: > > program is done. i've run it partially for first 40 pages of Google > > results and will leave it to run for whole night for the rest. > > > > if someone is interested for the complete sorted list of pairs > > (table_name, count) give me a private mail and i'll send it to you. > > > > kind regards. > > > > p.s. first ten are at this moment: > > > > users,20 > > user,14 > > comments,12 > > sessions,10 > > categories,10 > > customers,10 > > customer,10 > > orders,9 > > log,8 > > category,7 > > > > > > On Wed, Sep 29, 2010 at 2:27 PM, Miroslav Stampar > > <mir...@gm...> wrote: > >> to be honest, this is great idea :) > >> > >> i've tried it and it really shows some really cool stuff :) > >> > >> will do this because i am more than interested what will be the results. > >> > >> once again, great idea > >> > >> On Wed, Sep 29, 2010 at 2:24 PM, Andres Riancho > >> <and...@gm...> wrote: > >>> Maybe if you search google's codesearch for "create table ..." inside. > sql > >>> files and automate the result extraction you would get something really > cool > >>> :) > >>> > >>> Regards, > >>> -- > >>> Andres Riancho > >>> > >>> El sep 29, 2010 9:21 a.m., "Miroslav Stampar" < > mir...@gm...> > >>> escribió: > >>> > >>> Hi. > >>> > >>> We are currently adding new feature into sqlmap for retrieving table > >>> names when database (information_) schema is missing and/or sqlmap is > >>> unable to extract table names via normal ways. > >>> > >>> Basic injection vector is: ...AND EXISTS(SELECT 1 FROM <table_name>)... > >>> > >>> So, if you have some knowledge to share please do. > >>> > >>> PHP, Joomla, Wordpress,... everything is more than welcome, except > >>> database system tables. We have those more than enough ;) > >>> > >>> Bye. > >>> > >>> -- > >>> Miroslav Stampar > >>> > >>> E-mail / Jabber: miroslav.stampar (at) gmail.com > >>> Mobile: +385921010204 (HR 0921010204) > >>> PGP Key ID: 0xB5397B1B > >>> Location: Zagreb, Croatia > >>> > >>> > ------------------------------------------------------------------------------ > >>> Start uncovering the many advantages of virtual appliances > >>> and start using them to simplify application deployment and > >>> accelerate your shift to cloud computing. > >>> http://p.sf.net/sfu/novell-sfdev2dev > >>> _______________________________________________ > >>> sqlmap-users mailing list > >>> sql...@li... > >>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users > >>> > >> > >> > >> > >> -- > >> Miroslav Stampar > >> > >> E-mail / Jabber: miroslav.stampar (at) gmail.com > >> Mobile: +385921010204 (HR 0921010204) > >> PGP Key ID: 0xB5397B1B > >> Location: Zagreb, Croatia > >> > > > > > > > > -- > > Miroslav Stampar > > > > E-mail / Jabber: miroslav.stampar (at) gmail.com > > Mobile: +385921010204 (HR 0921010204) > > PGP Key ID: 0xB5397B1B > > Location: Zagreb, Croatia > > > > > > -- > Andrés Riancho > Founder, Bonsai - Information Security > http://www.bonsai-sec.com/ > http://w3af.sf.net/ > > > ------------------------------------------------------------------------------ > Start uncovering the many advantages of virtual appliances > and start using them to simplify application deployment and > accelerate your shift to cloud computing. > http://p.sf.net/sfu/novell-sfdev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- ------------------------------------------------------------------ 潘少华 手机: 13811789330 ------------------------------------------------------------------ 北京知道创宇信息技术有限公司 地址:北京市回龙观龙腾六区13号楼4单元101 邮编:102200 电话:010-81721153 传真:010-81721153 网址:www.knownsec.com |
|
From: Carlos G. V. <car...@gm...> - 2010-09-29 19:34:58
|
I can contribute with spanish common table names... want 'em? 2010/9/29 Andres Riancho <and...@gm...>: > I'm more interested in the script :) > > On Wed, Sep 29, 2010 at 11:38 AM, Miroslav Stampar > <mir...@gm...> wrote: >> program is done. i've run it partially for first 40 pages of Google >> results and will leave it to run for whole night for the rest. >> >> if someone is interested for the complete sorted list of pairs >> (table_name, count) give me a private mail and i'll send it to you. >> >> kind regards. >> >> p.s. first ten are at this moment: >> >> users,20 >> user,14 >> comments,12 >> sessions,10 >> categories,10 >> customers,10 >> customer,10 >> orders,9 >> log,8 >> category,7 >> >> >> On Wed, Sep 29, 2010 at 2:27 PM, Miroslav Stampar >> <mir...@gm...> wrote: >>> to be honest, this is great idea :) >>> >>> i've tried it and it really shows some really cool stuff :) >>> >>> will do this because i am more than interested what will be the results. >>> >>> once again, great idea >>> >>> On Wed, Sep 29, 2010 at 2:24 PM, Andres Riancho >>> <and...@gm...> wrote: >>>> Maybe if you search google's codesearch for "create table ..." inside. sql >>>> files and automate the result extraction you would get something really cool >>>> :) >>>> >>>> Regards, >>>> -- >>>> Andres Riancho >>>> >>>> El sep 29, 2010 9:21 a.m., "Miroslav Stampar" <mir...@gm...> >>>> escribió: >>>> >>>> Hi. >>>> >>>> We are currently adding new feature into sqlmap for retrieving table >>>> names when database (information_) schema is missing and/or sqlmap is >>>> unable to extract table names via normal ways. >>>> >>>> Basic injection vector is: ...AND EXISTS(SELECT 1 FROM <table_name>)... >>>> >>>> So, if you have some knowledge to share please do. >>>> >>>> PHP, Joomla, Wordpress,... everything is more than welcome, except >>>> database system tables. We have those more than enough ;) >>>> >>>> Bye. >>>> >>>> -- >>>> Miroslav Stampar >>>> >>>> E-mail / Jabber: miroslav.stampar (at) gmail.com >>>> Mobile: +385921010204 (HR 0921010204) >>>> PGP Key ID: 0xB5397B1B >>>> Location: Zagreb, Croatia >>>> >>>> ------------------------------------------------------------------------------ >>>> Start uncovering the many advantages of virtual appliances >>>> and start using them to simplify application deployment and >>>> accelerate your shift to cloud computing. >>>> http://p.sf.net/sfu/novell-sfdev2dev >>>> _______________________________________________ >>>> sqlmap-users mailing list >>>> sql...@li... >>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>>> >>> >>> >>> >>> -- >>> Miroslav Stampar >>> >>> E-mail / Jabber: miroslav.stampar (at) gmail.com >>> Mobile: +385921010204 (HR 0921010204) >>> PGP Key ID: 0xB5397B1B >>> Location: Zagreb, Croatia >>> >> >> >> >> -- >> Miroslav Stampar >> >> E-mail / Jabber: miroslav.stampar (at) gmail.com >> Mobile: +385921010204 (HR 0921010204) >> PGP Key ID: 0xB5397B1B >> Location: Zagreb, Croatia >> > > > > -- > Andrés Riancho > Founder, Bonsai - Information Security > http://www.bonsai-sec.com/ > http://w3af.sf.net/ > > ------------------------------------------------------------------------------ > Start uncovering the many advantages of virtual appliances > and start using them to simplify application deployment and > accelerate your shift to cloud computing. > http://p.sf.net/sfu/novell-sfdev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- --------8<-------- Carlos Gabriel Vergara http://www.ThorSecurity.com.ar PGP: http://www.ThorSecurity.com.ar/gabrielvergara.pgp -------->8-------- |
|
From: Miroslav S. <mir...@gm...> - 2010-09-29 22:32:21
|
yea, for sure On Wed, Sep 29, 2010 at 9:34 PM, Carlos Gabriel Vergara <car...@gm...> wrote: > I can contribute with spanish common table names... want 'em? > > > > > 2010/9/29 Andres Riancho <and...@gm...>: >> I'm more interested in the script :) >> >> On Wed, Sep 29, 2010 at 11:38 AM, Miroslav Stampar >> <mir...@gm...> wrote: >>> program is done. i've run it partially for first 40 pages of Google >>> results and will leave it to run for whole night for the rest. >>> >>> if someone is interested for the complete sorted list of pairs >>> (table_name, count) give me a private mail and i'll send it to you. >>> >>> kind regards. >>> >>> p.s. first ten are at this moment: >>> >>> users,20 >>> user,14 >>> comments,12 >>> sessions,10 >>> categories,10 >>> customers,10 >>> customer,10 >>> orders,9 >>> log,8 >>> category,7 >>> >>> >>> On Wed, Sep 29, 2010 at 2:27 PM, Miroslav Stampar >>> <mir...@gm...> wrote: >>>> to be honest, this is great idea :) >>>> >>>> i've tried it and it really shows some really cool stuff :) >>>> >>>> will do this because i am more than interested what will be the results. >>>> >>>> once again, great idea >>>> >>>> On Wed, Sep 29, 2010 at 2:24 PM, Andres Riancho >>>> <and...@gm...> wrote: >>>>> Maybe if you search google's codesearch for "create table ..." inside. sql >>>>> files and automate the result extraction you would get something really cool >>>>> :) >>>>> >>>>> Regards, >>>>> -- >>>>> Andres Riancho >>>>> >>>>> El sep 29, 2010 9:21 a.m., "Miroslav Stampar" <mir...@gm...> >>>>> escribió: >>>>> >>>>> Hi. >>>>> >>>>> We are currently adding new feature into sqlmap for retrieving table >>>>> names when database (information_) schema is missing and/or sqlmap is >>>>> unable to extract table names via normal ways. >>>>> >>>>> Basic injection vector is: ...AND EXISTS(SELECT 1 FROM <table_name>)... >>>>> >>>>> So, if you have some knowledge to share please do. >>>>> >>>>> PHP, Joomla, Wordpress,... everything is more than welcome, except >>>>> database system tables. We have those more than enough ;) >>>>> >>>>> Bye. >>>>> >>>>> -- >>>>> Miroslav Stampar >>>>> >>>>> E-mail / Jabber: miroslav.stampar (at) gmail.com >>>>> Mobile: +385921010204 (HR 0921010204) >>>>> PGP Key ID: 0xB5397B1B >>>>> Location: Zagreb, Croatia >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> Start uncovering the many advantages of virtual appliances >>>>> and start using them to simplify application deployment and >>>>> accelerate your shift to cloud computing. >>>>> http://p.sf.net/sfu/novell-sfdev2dev >>>>> _______________________________________________ >>>>> sqlmap-users mailing list >>>>> sql...@li... >>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>>>> >>>> >>>> >>>> >>>> -- >>>> Miroslav Stampar >>>> >>>> E-mail / Jabber: miroslav.stampar (at) gmail.com >>>> Mobile: +385921010204 (HR 0921010204) >>>> PGP Key ID: 0xB5397B1B >>>> Location: Zagreb, Croatia >>>> >>> >>> >>> >>> -- >>> Miroslav Stampar >>> >>> E-mail / Jabber: miroslav.stampar (at) gmail.com >>> Mobile: +385921010204 (HR 0921010204) >>> PGP Key ID: 0xB5397B1B >>> Location: Zagreb, Croatia >>> >> >> >> >> -- >> Andrés Riancho >> Founder, Bonsai - Information Security >> http://www.bonsai-sec.com/ >> http://w3af.sf.net/ >> >> ------------------------------------------------------------------------------ >> Start uncovering the many advantages of virtual appliances >> and start using them to simplify application deployment and >> accelerate your shift to cloud computing. >> http://p.sf.net/sfu/novell-sfdev2dev >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> > > > > -- > --------8<-------- > Carlos Gabriel Vergara > http://www.ThorSecurity.com.ar > > PGP: http://www.ThorSecurity.com.ar/gabrielvergara.pgp > -------->8-------- > > ------------------------------------------------------------------------------ > Start uncovering the many advantages of virtual appliances > and start using them to simplify application deployment and > accelerate your shift to cloud computing. > http://p.sf.net/sfu/novell-sfdev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
|
From: Miroslav S. <mir...@gm...> - 2010-09-29 22:36:58
Attachments:
sqlharvest.py
|
it's a modification of one of my previous scripts. it uses mobile google search page because it doesn't have any limitations regarding time between two queries. On Wed, Sep 29, 2010 at 5:08 PM, Andres Riancho <and...@gm...> wrote: > I'm more interested in the script :) > > On Wed, Sep 29, 2010 at 11:38 AM, Miroslav Stampar > <mir...@gm...> wrote: >> program is done. i've run it partially for first 40 pages of Google >> results and will leave it to run for whole night for the rest. >> >> if someone is interested for the complete sorted list of pairs >> (table_name, count) give me a private mail and i'll send it to you. >> >> kind regards. >> >> p.s. first ten are at this moment: >> >> users,20 >> user,14 >> comments,12 >> sessions,10 >> categories,10 >> customers,10 >> customer,10 >> orders,9 >> log,8 >> category,7 >> >> >> On Wed, Sep 29, 2010 at 2:27 PM, Miroslav Stampar >> <mir...@gm...> wrote: >>> to be honest, this is great idea :) >>> >>> i've tried it and it really shows some really cool stuff :) >>> >>> will do this because i am more than interested what will be the results. >>> >>> once again, great idea >>> >>> On Wed, Sep 29, 2010 at 2:24 PM, Andres Riancho >>> <and...@gm...> wrote: >>>> Maybe if you search google's codesearch for "create table ..." inside. sql >>>> files and automate the result extraction you would get something really cool >>>> :) >>>> >>>> Regards, >>>> -- >>>> Andres Riancho >>>> >>>> El sep 29, 2010 9:21 a.m., "Miroslav Stampar" <mir...@gm...> >>>> escribió: >>>> >>>> Hi. >>>> >>>> We are currently adding new feature into sqlmap for retrieving table >>>> names when database (information_) schema is missing and/or sqlmap is >>>> unable to extract table names via normal ways. >>>> >>>> Basic injection vector is: ...AND EXISTS(SELECT 1 FROM <table_name>)... >>>> >>>> So, if you have some knowledge to share please do. >>>> >>>> PHP, Joomla, Wordpress,... everything is more than welcome, except >>>> database system tables. We have those more than enough ;) >>>> >>>> Bye. >>>> >>>> -- >>>> Miroslav Stampar >>>> >>>> E-mail / Jabber: miroslav.stampar (at) gmail.com >>>> Mobile: +385921010204 (HR 0921010204) >>>> PGP Key ID: 0xB5397B1B >>>> Location: Zagreb, Croatia >>>> >>>> ------------------------------------------------------------------------------ >>>> Start uncovering the many advantages of virtual appliances >>>> and start using them to simplify application deployment and >>>> accelerate your shift to cloud computing. >>>> http://p.sf.net/sfu/novell-sfdev2dev >>>> _______________________________________________ >>>> sqlmap-users mailing list >>>> sql...@li... >>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>>> >>> >>> >>> >>> -- >>> Miroslav Stampar >>> >>> E-mail / Jabber: miroslav.stampar (at) gmail.com >>> Mobile: +385921010204 (HR 0921010204) >>> PGP Key ID: 0xB5397B1B >>> Location: Zagreb, Croatia >>> >> >> >> >> -- >> Miroslav Stampar >> >> E-mail / Jabber: miroslav.stampar (at) gmail.com >> Mobile: +385921010204 (HR 0921010204) >> PGP Key ID: 0xB5397B1B >> Location: Zagreb, Croatia >> > > > > -- > Andrés Riancho > Founder, Bonsai - Information Security > http://www.bonsai-sec.com/ > http://w3af.sf.net/ > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
|
From: Andres R. <and...@gm...> - 2010-09-30 12:02:35
|
The script is cool, but my idea was to use google.com/codesearch , which will (most likely) give you more hits. Regards, -- Andres Riancho El sep 29, 2010 7:36 p.m., "Miroslav Stampar" <mir...@gm...> escribió: it's a modification of one of my previous scripts. it uses mobile google search page because it doesn't have any limitations regarding time between two queries. On Wed, Sep 29, 2010 at 5:08 PM, Andres Riancho <and...@gm...> wrote: > I'm more interested in the script :) > > On Wed, Sep 29, 2010 at... -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010... |
|
From: Miroslav S. <mir...@gm...> - 2010-09-30 12:32:39
|
ok. thanks for noting. if i get time i'll also do this one. right now results from plain google search seem to be more than enough. On Thu, Sep 30, 2010 at 2:02 PM, Andres Riancho <and...@gm...> wrote: > The script is cool, but my idea was to use google.com/codesearch , which > will (most likely) give you more hits. > > Regards, > -- > Andres Riancho > > El sep 29, 2010 7:36 p.m., "Miroslav Stampar" <mir...@gm...> > escribió: > > it's a modification of one of my previous scripts. it uses mobile > google search page because it doesn't have any limitations regarding > time between two queries. > > On Wed, Sep 29, 2010 at 5:08 PM, Andres Riancho > > <and...@gm...> wrote: >> I'm more interested in the script :) >> >> On Wed, Sep 29, 2010 at... > > -- > > Miroslav Stampar > > E-mail / Jabber: miroslav.stampar (at) gmail.com > Mobile: +385921010204 (HR 0921010... -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
|
From: Andres R. <and...@gm...> - 2010-10-10 19:33:16
|
Miroslav,
Floyd Fuh and javier Andalia from the w3af dev team worked together to
implement a google mobile search wrapper and they noticed that it DOES have
limitations. Could you please confirm?
Regards,
--
Andres Riancho
El sep 30, 2010 9:32 a.m., "Miroslav Stampar" <mir...@gm...>
escribió:
ok. thanks for noting. if i get time i'll also do this one. right now
results from plain google search seem to be more than enough.
On Thu, Sep 30, 2010 at 2:02 PM, Andres Riancho
<and...@gm...> wrote:
> The script is cool, but my idea was to use google.com/codesearch...
--
Miroslav Stampar
E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia
|
|
From: Miroslav S. <mir...@gm...> - 2010-10-10 19:41:42
|
hi. what are the limitations they've noticed? maybe there is a limitation in number of search pages, but during last testing google returned something about 40 pages to work with which is more than enough. i just know that there are no limitations that common google search has in doing large number of search queries in some short time period. as I remember common google search nags about you may be a "robot", but i suppose that they didn't expect it for anyone to do it via mobile search page. plz, just send them that python script i've sent to you. let them try. kind regards. On Sun, Oct 10, 2010 at 9:33 PM, Andres Riancho <and...@gm...> wrote: > Miroslav, > > Floyd Fuh and javier Andalia from the w3af dev team worked together to > implement a google mobile search wrapper and they noticed that it DOES have > limitations. Could you please confirm? > > Regards, > -- > Andres Riancho > > El sep 30, 2010 9:32 a.m., "Miroslav Stampar" <mir...@gm...> > escribió: > > ok. thanks for noting. if i get time i'll also do this one. right now > results from plain google search seem to be more than enough. > > On Thu, Sep 30, 2010 at 2:02 PM, Andres Riancho > > <and...@gm...> wrote: >> The script is cool, but my idea was to use google.com/codesearch... > > -- > > Miroslav Stampar > > E-mail / Jabber: miroslav.stampar (at) gmail.com > > Mobile: +385921010204 (HR 0921010204) > PGP Key ID: 0xB5397B1B > Location: Zagreb, Croatia -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
|
From: Miroslav S. <mir...@gm...> - 2010-10-10 19:42:55
|
...by 40 pages i meant 40 pages of search results bye On Sun, Oct 10, 2010 at 9:41 PM, Miroslav Stampar <mir...@gm...> wrote: > hi. > > what are the limitations they've noticed? maybe there is a limitation > in number of search pages, but during last testing google returned > something about 40 pages to work with which is more than enough. > > i just know that there are no limitations that common google search > has in doing large number of search queries in some short time period. > as I remember common google search nags about you may be a "robot", > but i suppose that they didn't expect it for anyone to do it via > mobile search page. > > plz, just send them that python script i've sent to you. let them try. > > kind regards. > > On Sun, Oct 10, 2010 at 9:33 PM, Andres Riancho > <and...@gm...> wrote: >> Miroslav, >> >> Floyd Fuh and javier Andalia from the w3af dev team worked together to >> implement a google mobile search wrapper and they noticed that it DOES have >> limitations. Could you please confirm? >> >> Regards, >> -- >> Andres Riancho >> >> El sep 30, 2010 9:32 a.m., "Miroslav Stampar" <mir...@gm...> >> escribió: >> >> ok. thanks for noting. if i get time i'll also do this one. right now >> results from plain google search seem to be more than enough. >> >> On Thu, Sep 30, 2010 at 2:02 PM, Andres Riancho >> >> <and...@gm...> wrote: >>> The script is cool, but my idea was to use google.com/codesearch... >> >> -- >> >> Miroslav Stampar >> >> E-mail / Jabber: miroslav.stampar (at) gmail.com >> >> Mobile: +385921010204 (HR 0921010204) >> PGP Key ID: 0xB5397B1B >> Location: Zagreb, Croatia > > > > -- > Miroslav Stampar > > E-mail / Jabber: miroslav.stampar (at) gmail.com > Mobile: +385921010204 (HR 0921010204) > PGP Key ID: 0xB5397B1B > Location: Zagreb, Croatia > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X