and when we use -C user_name does it search for User_name and User_Name
column names ?
On Tue, Feb 10, 2015 at 12:11 AM, a dehqan wrote:
> So to search in all tables for value "string" , i think the only way is to
> use sp like this
> http://blogs.lessthandot.com/index.php/DataMgmt/DataDesign/th
So to search in all tables for value "string" , i think the only way is to
use sp like this
http://blogs.lessthandot.com/index.php/DataMgmt/DataDesign/the-ten-most-asked-sql-server-questions--1/#2
But is it possible to craete it in sql shell ?
Regards
On Wed, Feb 4, 2015 at 7:29 PM, a dehqan wr
So this admin user has not insert access , but how to be sure ? is there
any command ?
On Mon, Feb 9, 2015 at 7:35 PM, Miroslav Stampar wrote:
> You can't do that in sqlmap and I am pretty sure that it wouldn't suite
> your needs too.
>
> Also, if there are other techniques available sqlmap wi
No. One working UNION payload produced by yourself.
Bye
On Feb 9, 2015 5:14 PM, "Vojtěch Polášek" wrote:
> Hi,
> thanks for your reply.
> What do you mean by one working union payload?
> Do you mean payload which causes sqlmap to report URL as being union
> injectable?
> Thank you very much,
>
A UNION payload that shows some bit of data that you expect in the response.
For instance, perhaps the first column in the union is expected to be a
UUID, and the third column is given back in the response.
UNION SELECT '2403db44-b077-11e4-b0e1-000c29133bd7', NULL,
0x6664736166647361, NULL
If th
Hi,
thanks for your reply.
What do you mean by one working union payload?
Do you mean payload which causes sqlmap to report URL as being union
injectable?
Thank you very much,
Vojta
On 9.2.2015 13:23, Miroslav Stampar wrote:
> As Brandon said, one of columns could be "picky" about the "test"
>
As Brandon said, one of columns could be "picky" about the "test" values
being used. We use either NULLs or integer values (e.g. 1) and this works
quite well in majority of situations (auto-casting and stuff).
Also, there is a possibility that ORDER BY mechanism is triggering some
results, while t
Really not sure what are you trying to do. Do you want that "error-based"
query to be part of "stacked-query" or what?
Bye
On Mon, Feb 9, 2015 at 12:24 AM, a dehqan wrote:
> Maybe my question isn't clear , let me try again :
>
> I need to change stack query to not using timebase detection ?
>
>
