Hi.
I see your point, but this is more a case for some kind of PoC tool (and
not sqlmap). Such a scenario would (IMO) involve one more step in an already
non-simple setup. It's not that it doesn't make any sense, but it doesn't
help an automated tool like sqlmap.
Kind regards,
Miroslav Stampar
On
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
> Problem is that sqlmap needs to have data retrieved to be able to
> do its normal workflow. For example, if you do --dump sqlmap
> needs to know table columns. In your proposed case that would be
> problematic. Also, there are lots of cases when
Hi.
Problem is that sqlmap needs to have data retrieved to be able to do its
normal workflow. For example, if you do --dump sqlmap needs to know table
columns. In your proposed case that would be problematic. Also, there are
lots of cases when we ask the server simple questions and we need an
a
Good question, Miroslav. I tried to think of something that could be
implemented without ruining sqlmap's query schema, but I could not come to any
conclusion... =(
The thing is, sqlsus uses a different approach to dump the data, making this
kind of thing possible...
The solution that I found in this part
Hi David.
And what do you recommend to be done in case of query with length >
max_inj_length?
Kind regards,
Miroslav Stampar
On Apr 1, 2013 11:14 PM, "David Guimaraes" wrote:
> Hi, I am trying to perform SQL injection on a web site but I cannot
> succeed due to a size limitation on the
On 26 June 2012 10:48, Bernardo Damele A. G. wrote:
> In the meantime, we have --predict-output switch. You can tweak
> upfront the txt/common-outputs.txt for speed improvements.
> Refer to the user's manual for details.
Unfortunately that doesn't help when it is in the middle of a run and
you sp
In the meantime, we have --predict-output switch. You can tweak
upfront the txt/common-outputs.txt for speed improvements.
Refer to the user's manual for details.
Bernardo
On 26 June 2012 09:36, Robin Wood wrote:
> On 26 June 2012 08:10, Miroslav Stampar wrote:
>> Hi Robin.
>>
>> You are an xy
On 26 June 2012 08:10, Miroslav Stampar wrote:
> Hi Robin.
>
> You are an xyz-th user with this same request ;)
Thought I might be.
> Problem is that Python doesn't have a getch() mechanism (there are some
> dirty hacks, but they are really dirty, OS-dependent and unstable) making it
> clumsy for thi
Hi Robin.
You are an xyz-th user with this same request ;)
Problem is that Python doesn't have a getch() mechanism (there are some
dirty hacks, but they are really dirty, OS-dependent and unstable) making it
clumsy for this feature. You would have to enter something and press Enter
for it to register
A technique is the mechanism by which the SQL injection works, be it
UNION, Blind, Stacked, or what have you. The technique alters how you
may do what you are asking for.
On Mon, Jun 25, 2012 at 12:32 PM, Robin Wood wrote:
> I was retrieving table names at the time but I guess it would help in ot
I was retrieving table names at the time but I guess it would help in other
situations as well.
Robin
On Jun 25, 2012 6:07 PM, "Miroslav Stampar"
wrote:
> You forgot to mention which technique?
>
> Kind regards,
> Miroslav Stampar
>
> On Mon, Jun 25, 2012 at 6:03 PM, Robin Wood wrote:
>
>> I've
You forgot to mention which technique?
Kind regards,
Miroslav Stampar
On Mon, Jun 25, 2012 at 6:03 PM, Robin Wood wrote:
> I've just been testing a site which has to have the --no-cast option
> to retrieve data, it works great but it is very slow. Because of this
> I'd quite often guessed the d
Find it unhidden with the latest r5123.
Kind regards
On Thu, Jun 14, 2012 at 3:51 PM, Miroslav Stampar <
miroslav.stam...@gmail.com> wrote:
> Ok. Cool :)
>
> We'll most probably unhide that switch these days as it's a quite usable
> one
>
> Kind regards
>
>
> On Thu, Jun 14, 2012 at 3:49 PM, Yor
Ok. Cool :)
We'll most probably unhide that switch these days as it's a quite usable one
Kind regards
On Thu, Jun 14, 2012 at 3:49 PM, Yori Kvitchko <
y...@counterhackchallenges.com> wrote:
> Miroslav,
>
> It looks like --test-filter is what I need. I don't need a custom suffix
> and prefix, I
Miroslav,
It looks like --test-filter is what I need. I don't need a custom suffix
and prefix, I just need to force sqlmap to use a specific test it
already has in its collection of payloads.xml and only that test. If I
can use test-filter to select exactly the test I need and sqlmap will
onl
Hi Yori.
"With that in mind it makes sense to be able to specify a test/payload
combination that you have found and you know is working."
We already have two mechanisms for such a thing:
1) --prefix/--suffix where you can specify what are the prefix and suffix
of SQL injection vector (e.g. --prefix
CSRF protection bypass is in the TODO list; it will be implemented at some point.
Bernardo
On 14 March 2012 18:57, a nice guy wrote:
> Hello,
>
> I think it would be great if sqlmap could detect which POST parameter
> contains the CSRF token, if any,
> or select the token manually.
>
> kind regards,
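The request above (detect the anti-CSRF field and keep it fresh for every POST) boils down to two steps: pull the current token out of the form page, then substitute it into the body before each request. The following is an added example written for this page, not sqlmap's code (the reply says the feature was still on the TODO list at the time). The form HTML, the field names and the `fetch_form` callback are constructed for the example; the name heuristic (`TOKEN_NAME_HINT`) is an assumption, which is why an explicit field name can be passed instead.

```python
"""Finding and refreshing an anti-CSRF token for POST testing (added example, not sqlmap code)."""
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlencode

# Heuristic (an assumption of this example): hidden fields with these words in their name are treated as tokens.
TOKEN_NAME_HINT = re.compile(r"csrf|xsrf|token|nonce|authenticity", re.I)

# Constructed form page standing in for a GET of the target page.
FORM_HTML = (
    '<form method="post" action="/login">'
    '<input type="hidden" name="_csrf" value="abc123">'
    '<input type="text" name="user"><input type="password" name="pass">'
    '<input type="hidden" name="next" value="/home">'
    '</form>'
)


class HiddenInputs(HTMLParser):
    """Collect (name, value) of every <input type="hidden"> in the page."""

    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = dict(attrs)
        if (a.get("type") or "").lower() == "hidden" and a.get("name"):
            self.fields.append((a["name"], a.get("value") or ""))


def find_csrf_token(html, name=None):
    """Return (name, value) of the token field.

    With `name` given, match that field exactly (the "select the token manually" case);
    otherwise take the first hidden field whose name looks like a token. None if absent."""
    parser = HiddenInputs()
    parser.feed(html)
    for field_name, value in parser.fields:
        if name is not None:
            if field_name == name:
                return field_name, value
        elif TOKEN_NAME_HINT.search(field_name):
            return field_name, value
    return None


def post_with_fresh_token(fetch_form, post_data, token_name=None):
    """Re-fetch the form, read the current token and return `post_data` with it substituted in.

    `fetch_form()` returns the form page's HTML; in practice that is one extra GET
    per injection request, which is the "one more step" such setups cost."""
    token = find_csrf_token(fetch_form(), token_name)
    if token is None:
        raise ValueError("no CSRF token field found in form")
    fields = dict(parse_qsl(post_data, keep_blank_values=True))
    fields[token[0]] = token[1]  # replace a stale value or append the field
    return urlencode(fields)


if __name__ == "__main__":
    print(find_csrf_token(FORM_HTML))
    print(post_with_fresh_token(lambda: FORM_HTML, "user=admin&pass=x&_csrf=stale"))
```

The body is rebuilt with urlencode, so the rest of the POST parameters (including the one being injected into) pass through unchanged; only the token field is rewritten.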
You can provide cookies and POST parameters to -p already as well as
"ua" for User-Agent.
Bernardo
On 14 March 2012 18:54, a nice guy wrote:
>
> Hello,
>
> It would be very nice if it would be possible to specify the targeted
> value directly for
> post/cookie/agent/referrer, as it is possible
Hi.
As said, Python is constrained in this manner. You can't even listen to
keystrokes, so if there were a 'listening thread' you would need to
enter the whole 'guess' and press Enter for it to process (also, the console
output would be a mess) - raw_input().
So, it would be clumsy as well, but other t
On 11 January 2012 11:32, Bernardo Damele A. G.
wrote:
> Hi Chris,
>
> You can tune txt/common-outputs.txt to your needs in order to make
> --predict-output more efficient for your test.
>
> Bernardo
>
> On 11 January 2012 11:29, Chris Oakley wrote:
>> I think Ctrl+C is going to be the only way t
Hi Chris,
You can tune txt/common-outputs.txt to your needs in order to make
--predict-output more efficient for your test.
Bernardo
On 11 January 2012 11:29, Chris Oakley wrote:
> I think Ctrl+C is going to be the only way to do it reliably in Python. I
> wasn't actually aware of the --predic
I think Ctrl+C is going to be the only way to do it reliably in Python. I
wasn't actually aware of the --predict-output switch and will have a play,
but from the description it does sound like it falls short a little. That
said, if there are higher priority features or bug fixes... it's not the
e
Hi again.
Minor update. The --predict-output switch will perform well only on the start of
outputs. So, it will greatly speed up the starting part with "Microsoft SQL
Server" but the rest is done normally (won't go into detail why and how this
is performed only for the beginning of the retrieved string).
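To make concrete both the request in this thread (let the user supply the rest of a value that is obviously known, e.g. a DBMS banner) and why --predict-output only helps at the beginning of an output, here is a small simulation. It is an added example, not sqlmap's implementation: the Oracle class stands in for the injectable application and counts requests, COMMON_OUTPUTS is a constructed stand-in for a dictionary like txt/common-outputs.txt, and the prediction strategy is a simplified version of the idea rather than sqlmap's code. The banner used as the secret is modelled on the one quoted earlier in the thread.

```python
"""Blind inference with and without output prediction (added simulation, not sqlmap code)."""
import os

# Full 7-bit ASCII, sorted by code point: bisection then costs exactly 7 requests per character.
CHARSET = [chr(i) for i in range(128)]

# Constructed dictionary of likely outputs (stand-in for txt/common-outputs.txt).
COMMON_OUTPUTS = [
    "Microsoft SQL Server 2000",
    "Microsoft SQL Server 2005",
    "Microsoft SQL Server 2008",
    "MySQL",
    "PostgreSQL",
    "Oracle",
]

# Constructed secret, modelled on the banner quoted in the thread.
SECRET = "Microsoft SQL Server 2000 - 8.00.2055 (Intel X86)"


class Oracle:
    """Stands in for the injectable application: answers yes/no questions about a
    secret value and counts the requests that takes."""

    def __init__(self, secret):
        self.secret = secret
        self.requests = 0

    def char_ge(self, index, ch):
        # Like a boolean payload: ASCII(SUBSTRING(value, index+1, 1)) >= ord(ch)
        self.requests += 1
        return index < len(self.secret) and self.secret[index] >= ch

    def starts_with(self, prefix):
        # Like a boolean payload: value LIKE 'prefix%' (prefix escaped)
        self.requests += 1
        return self.secret.startswith(prefix)


def bisect_char(oracle, index):
    """Recover one character by binary search over CHARSET (7 requests)."""
    lo, hi = 0, len(CHARSET) - 1
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if oracle.char_ge(index, CHARSET[mid]):
            lo = mid
        else:
            hi = mid - 1
    return CHARSET[lo]


def retrieve_bisect(secret):
    """Plain character-by-character retrieval; the length is assumed already known."""
    oracle = Oracle(secret)
    out = "".join(bisect_char(oracle, i) for i in range(len(secret)))
    return out, oracle.requests


def retrieve_predicted(secret, common_outputs):
    """Try dictionary predictions first, fall back to bisection once they run out."""
    oracle = Oracle(secret)
    length = len(secret)
    out = ""
    rejected = set()
    while len(out) < length:
        candidates = [c for c in common_outputs
                      if len(out) < len(c) <= length
                      and c.startswith(out) and c not in rejected]
        if not candidates:
            # Dictionary exhausted: the rest costs 7 requests per character,
            # which is why prediction only speeds up the start of an output.
            out += bisect_char(oracle, len(out))
            continue
        common = os.path.commonprefix(candidates)
        if len(common) > len(out):
            # All remaining candidates agree on the next characters:
            # one request confirms or rules out the whole run.
            if oracle.starts_with(common):
                out = common
            else:
                rejected.update(candidates)
            continue
        # Candidates diverge here: one request per distinct predicted character.
        for ch in sorted({c[len(out)] for c in candidates}):
            if oracle.starts_with(out + ch):
                out += ch
                break
        else:
            rejected.update(candidates)
    return out, oracle.requests


if __name__ == "__main__":
    plain, n_plain = retrieve_bisect(SECRET)
    predicted, n_pred = retrieve_predicted(SECRET, COMMON_OUTPUTS)
    assert plain == predicted == SECRET
    print(f"bisection only: {n_plain} requests, with prediction: {n_pred} requests")
```

For the constructed banner the dictionary settles the first 25 characters in 4 requests, after which every remaining character still costs 7; a value with no dictionary hit pays only a handful of wasted requests before bisection takes over.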
Hi Hans.
Basically, you are right. --predict-output is a good replacement for these
kinds of cases, but I am not sure if it's enough for Ryan and Chris.
Also, I'll need to take a look into it and maybe upgrade it a bit as there
hasn't been development on it for more than a year.
Kind regards,
Mirosla
Hello everyone,
What's with --predict-output?
Maybe you could use that.
Cheers
On 11.01.2012 at 09:09, Miroslav Stampar wrote:
Hi guys.
This would have been implemented a long time ago if only Python weren't so
bad at interrupting its processes. Sadly, you can 'pause' (interrupt)
them on
Hi guys.
This would have been implemented a long time ago if only Python weren't so
bad at interrupting its processes. Sadly, you can 'pause' (interrupt)
them only by Ctrl+C. Now, I can put this there, but it will be clumsy at
least.
If you have other ideas on how to deal with this problem, pleas
I'm sure that there are higher priorities than this, but I have to add that
this would be useful for me too. As an example, on a recent test I was
grabbing the banner of the DBMS as a quick POC for a client.
The banner was as follows:
Banner:
---
Microsoft SQL Server 2000 - 8.00.2055 (Intel X86
Thanks for those great improvements.
Andres
On 29 August 2011 at 15:41, Miroslav Stampar
wrote:
> hi again.
>
> with the latest commit r4369 a new switch "--skip" is added.
>
> e.g. --skip=ua
> or
> e.g. --skip=random-agent
> or
> e.g. --skip="ua,random-agent,id,id2"
>
> will make sqlmap expl
hi again.
with the latest commit r4369 a new switch "--skip" is added.
e.g. --skip=ua
or
e.g. --skip=random-agent
or
e.g. --skip="ua,random-agent,id,id2"
will make sqlmap explicitly skip the testing of the parameters provided this way
kind regards
2011/8/20 Andres Tarascó Acuña :
> hi there!
>
> I would
hi Andres.
with the latest r4366 commit there is a new switch implemented,
'--randomize', at your request.
example of usage:
-u "www.site.com/vuln.php?id=1&id2=2&id3=3" --randomize=id2
it will automatically randomize the parameter value for id2 in further
requests according to its "template type"
integ
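The "template type" idea above (a randomized value should still look like the original: an integer stays an integer of the same width, a word stays a word) is easy to get wrong if one just throws random bytes in, since a changed shape can make the server reject the request before the injected parameter is ever evaluated. The following is an added example of that idea written for this page, not sqlmap's implementation of --randomize: the type names, the `randomize_url` helper and the rule of keeping length and avoiding a leading zero are this example's own choices. The URL is the one from the message above, with a scheme added so it parses.

```python
"""Randomizing a request parameter while keeping its 'template type' (added example, not sqlmap code)."""
import random
import re
import string
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


def template_type(value):
    """Classify a value as 'integer', 'alpha', 'alnum' or 'other' (this example's own categories)."""
    if re.fullmatch(r"[0-9]+", value):
        return "integer"
    if re.fullmatch(r"[A-Za-z]+", value):
        return "alpha"
    if re.fullmatch(r"[A-Za-z0-9]+", value):
        return "alnum"
    return "other"


def randomize_value(value, rng=None):
    """Return a fresh value with the same type and length as `value`."""
    rng = rng or random
    kind = template_type(value)
    if kind == "integer":
        # Keep the digit count; a multi-digit number must not start with 0 or it shrinks.
        first = rng.choice(string.digits[1:]) if len(value) > 1 else rng.choice(string.digits)
        rest = "".join(rng.choice(string.digits) for _ in value[1:])
        return first + rest
    if kind == "alpha":
        return "".join(rng.choice(string.ascii_letters) for _ in value)
    if kind == "alnum":
        return "".join(rng.choice(string.ascii_letters + string.digits) for _ in value)
    # Unknown shape (dates, paths, encoded blobs): leave it alone rather than break the request.
    return value


def randomize_url(url, names, seed=None):
    """Rewrite the query string of `url`, randomizing the parameters listed in `names`.

    `seed` makes the result reproducible; in real use it would be None so every request differs."""
    rng = random.Random(seed)
    parts = urlsplit(url)
    pairs = [(k, randomize_value(v, rng) if k in names else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


def query_params(url):
    """Parsed query string of `url` as a dict (helper for inspecting results)."""
    return dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))


if __name__ == "__main__":
    for _ in range(3):
        print(randomize_url("http://www.site.com/vuln.php?id=1&id2=2&id3=3", {"id2"}))
```

Only the named parameter changes; the others are re-encoded but keep their original values, so the injection point itself is untouched.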
Hi,
This is easily accomplished with already available tools.
ex: route add -host 1.1.1.1 dev eth0:0 gw your_gw
cheers
james
On Mon, 20 Jun 2011 19:05:07 +0200, Miroslav Stampar wrote:
> ok.
>
> you probably need something like:
>
> http://www.thegoldfish.org/2009/05/python-httpconnection-
ok.
you probably need something like:
http://www.thegoldfish.org/2009/05/python-httpconnection-bound-to-network-interface/
we'll see what can be done (these days)
kr
On Mon, Jun 20, 2011 at 6:55 PM, Miroslav Stampar
wrote:
> hi Kirill.
>
> you mean something like -e eth0?
>
> kr
>
> On Mon, Ju
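Binding the outgoing HTTP connection to a particular local address (the "-e eth0" idea above) does not need the trick from the linked article any more: the standard library's http.client.HTTPConnection takes a source_address argument, and urllib lets a handler supply the connection class. The code below is an added example for this page, not sqlmap's code. It starts a throwaway HTTP server on loopback so it runs offline; 127.0.0.1 stands in for the address of an interface such as eth0:0, and the handler and function names are the example's own.

```python
"""Sending HTTP requests from a chosen local source address (added example, not sqlmap code)."""
import http.client
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


class BoundHTTPHandler(urllib.request.HTTPHandler):
    """urllib handler whose connections are bound to a fixed local source address."""

    def __init__(self, source_ip):
        super().__init__()
        self.source_ip = source_ip

    def http_open(self, req):
        def make_connection(host, **kwargs):
            # Port 0 lets the kernel pick an ephemeral source port; only the address is fixed.
            return http.client.HTTPConnection(host, source_address=(self.source_ip, 0), **kwargs)
        return self.do_open(make_connection, req)


class RecordingHandler(BaseHTTPRequestHandler):
    """Test server that echoes the client's source IP back in the response body."""

    def do_GET(self):
        body = self.client_address[0].encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def fetch_from(url, source_ip):
    """GET `url` with the TCP connection bound to `source_ip`; return the body as text."""
    opener = urllib.request.build_opener(BoundHTTPHandler(source_ip))
    with opener.open(url, timeout=5) as resp:
        return resp.read().decode()


def demo(source_ip="127.0.0.1"):
    """Start a throwaway server on loopback and fetch from it via `source_ip`."""
    server = HTTPServer(("127.0.0.1", 0), RecordingHandler)
    thread = threading.Thread(target=server.serve_forever, daemon=True)
    thread.start()
    try:
        return fetch_from(f"http://127.0.0.1:{server.server_port}/", source_ip)
    finally:
        server.shutdown()
        server.server_close()


def can_bind(source_ip):
    """True if requests can be sent from `source_ip`; False if it is not configured locally."""
    try:
        return demo(source_ip) == source_ip
    except OSError:  # urllib.error.URLError is an OSError; bind() fails with EADDRNOTAVAIL
        return False


if __name__ == "__main__":
    print("server saw client address:", demo("127.0.0.1"))
```

The address must be one configured on a local interface; binding to anything else fails at connect time, which `can_bind` turns into a plain False. For HTTPS, http.client.HTTPSConnection accepts the same source_address argument, so the same handler pattern applies to an HTTPSHandler subclass.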
hi Kirill.
you mean something like -e eth0?
kr
On Mon, Jun 20, 2011 at 5:24 PM, Kirill Morozov wrote:
> Hi,
> it would be very useful if i could specify another source ip address from
> interface for sqlmap http requests.
>
> --
> Kirill Morozov
> KIMO2-RIPE, RHCE
>
>
>
> --
Andres,
On 28 Apr 2011, at 13:53, "Andres Tarascó Acuña" wrote:
Thanks David!
so, to test several URI segments, I probably need to use something
like: ./sqlmap.py -u http://host/path/chunk1*/chunk2* --data="postparameter=foo"
is that right?
Yes.
what should i type into the "-p" parameter to c
Thanks David!
so, to test several URI segments, I probably need to use something
like: ./sqlmap.py -u http://host/path/chunk1*/chunk2* --data="postparameter=foo"
is that right?
what should i type into the "-p" parameter to check sql injections only
against chunk2 (instead of attacking "postparamete
Indeed, thanks David for replying.
I will update the user's manual with this feature at some point like someone
else pointed out.
Cheers,
Bernardo Damele A. G.
This message was sent from a smartphone
On 28 Apr 2011, at 13:33, David Guimaraes wrote:
Use * character at param value:
http://vulns
Use * character at param value:
http://vulnsite.com/vulnscript/1*/2
2011/4/28 Andres Tarascó Acuña
> Hello,
>
> I'm new to the list so probably I'm going to ask for something that was
> previously discussed. Anyway, I'm going to try :)
>
> I wish to know if there are plans to support "URI sql i
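The `*` mark described above, and the follow-up question about testing only chunk2 while leaving the POST parameter alone, come down to one small transformation: split the template at each mark, put the payload at the chosen mark and drop the other marks so their original values stay in place. The following is an added illustration of that idea, not sqlmap's own parser; the `(where, index)` selector, the Request class and the function names are this example's own and not sqlmap's -p syntax. The URLs are the ones from this thread.

```python
"""Custom injection marks: expanding '*' in a URL and a POST body (added example, not sqlmap code)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import quote, quote_plus

MARK = "*"


@dataclass(frozen=True)
class Request:
    method: str
    url: str
    data: Optional[str]


def injection_points(url: str, data: Optional[str] = None) -> List[Tuple[str, int]]:
    """All marks as ("uri", n) / ("data", n), n being the 0-based mark index in that string."""
    points = [("uri", i) for i in range(url.count(MARK))]
    if data:
        points += [("data", i) for i in range(data.count(MARK))]
    return points


def render(template: str, index: int, payload: str) -> str:
    """Insert `payload` at the `index`-th mark; the other marks are dropped so the
    original values next to them are sent unchanged."""
    chunks = template.split(MARK)
    if not 0 <= index < len(chunks) - 1:
        raise IndexError(f"no injection mark #{index} in {template!r}")
    out = []
    for i, chunk in enumerate(chunks):
        out.append(chunk)
        if i == index:
            out.append(payload)
    return "".join(out)


def strip_marks(template: Optional[str]) -> Optional[str]:
    """Remove every mark, leaving the original values in place."""
    return None if template is None else template.replace(MARK, "")


def build_requests(url, data, payload, only=None):
    """One request per injection point with `payload` at that point.

    `only=(where, index)` restricts testing to a single point, which is what
    the question about chunk2 asks for (this example's own selector format)."""
    method = "POST" if data else "GET"
    requests = []
    for where, index in injection_points(url, data):
        if only is not None and (where, index) != only:
            continue
        if where == "uri":
            # Path segment: percent-encode everything, spaces become %20.
            requests.append(Request(method, render(url, index, quote(payload, safe="")), strip_marks(data)))
        else:
            # Form body (application/x-www-form-urlencoded): spaces become '+'.
            requests.append(Request("POST", strip_marks(url), render(data, index, quote_plus(payload))))
    return requests


if __name__ == "__main__":
    for r in build_requests("http://host/path/chunk1*/chunk2*", "postparameter=foo", "'"):
        print(r)
    print(build_requests("http://host/path/chunk1*/chunk2*", "postparameter=foo", "'", only=("uri", 1)))
```

One caveat that applies to any marker scheme: a literal asterisk that belongs to the real URL would be taken as a mark, so it has to be percent-encoded (%2A) in the template.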
hi.
this is implemented with r3496.
support for Windows users is also incorporated through the much slower 3rd-party
fcrypt module included in the extra folder.
kr
On Fri, Mar 25, 2011 at 8:01 AM, Miroslav Stampar
wrote:
> hi.
>
> no problem. only thing is that this will be limited to sqlmap on Unix
>
hi.
no problem. The only thing is that this will be limited to sqlmap on Unix
platforms as we'll need to use the crypt module
(http://docs.python.org/library/crypt.html). Other (manually written)
solutions would be too slow.
kr
On Fri, Mar 25, 2011 at 5:58 AM, Kirill Morozov wrote:
> Hi, Miroslav,
>
> pl
hi Kirill.
you are right. It should be disabled by default.
now it can be enabled by usage of a switch --page-rank
kr
On Wed, Mar 23, 2011 at 11:07 AM, Kirill Morozov wrote:
> By default the pagerank check is always enabled, but Google can ban your IP if
> you make too many requests.
> I don't n