On Wed, May 4, 2011 at 2:26 PM, <bua...@gmail.com> wrote: > On 05/04/2011 12:15 PM, Bernardo Damele A. G. wrote: >> * Confirm injection in another page (feature requested by someone on >> the mailing list) > > Great! > >> * Implement out-of-band for data fetching: we may possibly implement >> this. It would be split down in the following functions: >> * HTTP requests (Oracle UTL_HTTP) >> * UNC paths (can be done in all DBMS afaik) >> * openrowset (to replicate dbms remotely on MSSQL) >> * db_link() (to replicate dbms remotely on PgSQL) > > Will this also include DNS based exfiltration? (UTL_INADDR, ..) > http://article.gmane.org/gmane.comp.security.sqlmap/1073 yes :) > > > > > > > > ------------------------------------------------------------------------------ > WhatsUp Gold - Download Free Network Management Software > The most intuitive, comprehensive, and cost-effective network > management toolset available today. Delivers lowest initial > acquisition cost and overall TCO of any competing solution. > http://p.sf.net/sfu/whatsupgold-sd > _______________________________________________ > sqlmap-users mailing list > sqlmap-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/sqlmap-users >
-- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B ------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
