On 4 May 2011 13:26, <bua...@gmail.com> wrote: > ... >> * Implement out-of-band for data fetching: we may possibly implement >> this. It would be split down in the following functions: >> * HTTP requests (Oracle UTL_HTTP) >> * UNC paths (can be done in all DBMS afaik) >> * openrowset (to replicate dbms remotely on MSSQL) >> * db_link() (to replicate dbms remotely on PgSQL) > > Will this also include DNS based exfiltration? (UTL_INADDR, ..) > http://article.gmane.org/gmane.comp.security.sqlmap/1073
Like I replied to you buawig at that time[1], it will possibly make it to 1.0, I simply did not mention this specific vector here. [1] http://article.gmane.org/gmane.comp.security.sqlmap/1075 -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: 0x05F5A30F ------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users