On 05/04/2011 12:15 PM, Bernardo Damele A. G. wrote: > * Confirm injection in another page (feature requested by someone on > the mailing list)
Great! > * Implement out-of-band for data fetching: we may possibly implement > this. It would be split down in the following functions: > * HTTP requests (Oracle UTL_HTTP) > * UNC paths (can be done in all DBMS afaik) > * openrowset (to replicate dbms remotely on MSSQL) > * db_link() (to replicate dbms remotely on PgSQL) Will this also include DNS based exfiltration? (UTL_INADDR, ..) http://article.gmane.org/gmane.comp.security.sqlmap/1073 ------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
