Hi Rick,
sqlmap has full support for:
* Boolean based blind SQL injection, also called inferential blind SQL injection
* UNION query SQL injection, also called inband SQL injection, either
full or single entry (partial)
* Stacked query SQL injection
It does not support time based blind SQL injection yet; I will work on
it in the long run.
Regards,
Bernardo
On Wed, Feb 11, 2009 at 14:41, Rick Tortorella <rt...@gm...> wrote:
> I read the docs and they state that sqlmap can perform blind sqli. But, it
> can't. I've tested this using an application that is only susceptible to time
> based blind sqli (which, in point of fact, is the only type of blind IMO...
> if you get varying responses back from the server that's not really blind,
> it's more of a limited error response or better yet, varied response sqli).
> sqlmap cannot initialize when used against an application that only has time
> based blind sqli. Are there any plans to update sqlmap to work against these
> types of applications?
--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +447788962949 (UK), +393493821385 (IT)
PGP Key ID: 0x05F5A30F