On 4 May 2011 13:26,  <bua...@gmail.com> wrote:
> ...
>> * Implement out-of-band for data fetching: we may possibly implement
>> this. It would be split down in the following functions:
>>   * HTTP requests (Oracle UTL_HTTP)
>>   * UNC paths (can be done in all DBMS afaik)
>>   * openrowset (to replicate dbms remotely on MSSQL)
>>   * db_link() (to replicate dbms remotely on PgSQL)
>
> Will this also include DNS based exfiltration? (UTL_INADDR, ..)
> http://article.gmane.org/gmane.comp.security.sqlmap/1073

Like I replied to you buawig at that time[1], it will possibly make it
to 1.0, I simply did not mention this specific vector here.

[1] http://article.gmane.org/gmane.comp.security.sqlmap/1075


-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F

------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network 
management toolset available today.  Delivers lowest initial 
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to