Hi David.

"I don't know if there are other quickest methods, else it could be included in sqlmap."

Actually, we have a mechanism for dealing with these kinds of problems. It's called tampering, and you can use it with the --tamper switch and the scripts located in the ./tamper directory. In your case the best solution would be to try the script "tamper/between.py". It will replace all occurrences of the character > with the equivalent 'between' form, e.g. a>10 ---> a not between 0 and 10. So, try to use --tamper="./tamper/between.py" to deal with your case.

KR

On Wed, Apr 20, 2011 at 6:33 PM, David Alvarez <david.alvare...@gmail.com> wrote:
> Hello,
> I found a web application that uses PostgreSQL 8.1.22 and filters '>' and '<'
> characters. This app is vulnerable to a blind SQL injection, so sqlmap tries
> to extract data using the boolean-based technique. However, because the <,>
> characters are filtered, sqlmap is not able to extract data. The method that
> I used to extract was very slow: changing boolean condition from A > B to A
> = B.
> So, this is a possible kind of method to extract data when '<>' characters
> are filtered. I don't know if there are other quickest methods, else it
> could be included in sqlmap.
> Kind regards,
> David Alvarez
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users

--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
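
Added example (not part of the original thread, and not sqlmap code): seen from the application side, the exchange above shows that rejecting '<' and '>' does not close the injection, because an equivalent BETWEEN predicate contains neither character. The sketch assumes an in-memory SQLite table in place of the PostgreSQL back end; the table, function names and inputs are constructed for illustration. It compares the character filter with a bound parameter.

```python
import sqlite3

BLOCKED = ("<", ">")  # the character filter described in the thread


def make_db():
    """Constructed sample data; SQLite stands in for PostgreSQL (assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)", [(1, "alpha"), (2, "beta")])
    return db


def lookup_filtered(db, item_id):
    """Weak: rejects '<' and '>' but still concatenates input into the SQL text."""
    if any(ch in item_id for ch in BLOCKED):
        raise ValueError("blocked character")
    return db.execute("SELECT name FROM items WHERE id = " + item_id).fetchall()


def lookup_parameterized(db, item_id):
    """Fixed: the input is bound as a value and is never parsed as SQL."""
    return db.execute("SELECT name FROM items WHERE id = ?", (item_id,)).fetchall()


def leaks_boolean(lookup, db):
    """True if the response depends on the truth of a condition inside the input."""
    when_true = lookup(db, "1 AND 5 NOT BETWEEN 0 AND 3")   # 5 > 3 rewritten
    when_false = lookup(db, "1 AND 2 NOT BETWEEN 0 AND 3")  # 2 > 3 rewritten
    return when_true != when_false


if __name__ == "__main__":
    db = make_db()
    try:
        lookup_filtered(db, "1 AND 5>3")
    except ValueError as exc:
        print("filter rejects the '>' form:", exc)
    print("filtered lookup leaks:", leaks_boolean(lookup_filtered, db))
    print("parameterized lookup leaks:", leaks_boolean(lookup_parameterized, db))
    print("normal lookup still works:", lookup_parameterized(db, "1"))
```

The same leaks_boolean check can be pointed at any lookup function in a test suite to confirm that a fix removed the boolean oracle rather than only blocking one spelling of the condition.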