Inline.. Bernardo Damele A. G.
This message was sent from a smartphone

On 28 May 2011, at 21:17, Giorgio Fedon <giorgio.fe...@gmail.com> wrote:

> Thank you for pointing it out, but the post is more aimed to explain
> which part of SQL to modify to change the logic.

Nice blog post. Also, consider writing and using your own tamper scripts if you can. I look forward to hearing feedback from you about that feature. It is of course documented in the user's manual.

> It was just an
> example, I felt into things like need of hex encodings or other
> stuff...

Giorgio, feel free to request features. They well might be already in our ticketing system as may not!

> in addition the preliminary checks may not work and block you
> either

If you provide tamper scripts, prefix, suffix and dbms then sqlmap should do very little initial requests at the detection phase. To avoid any fingerprint request, provide --dbms with "mssql 2005" for instance.

>
> Giorgio
>
> 2011/5/28 Miroslav Stampar <miroslav.stam...@gmail.com>:
>> hi.
>>
>> now after last commit (added ./tamper/equaltolike.py tampering script)
>> you can avoid filtering of >, < and = chars with:
>>
>> --tamper="between,equaltolike"
>>
>> kr
>>
>> On Sat, May 28, 2011 at 1:28 PM, Miroslav Stampar
>> <miroslav.stam...@gmail.com> wrote:
>>> hi Giorgio.
>>>
>>> we have a mechanism called "tampering" for doing this kind of things.
>>>
>>> e.g. for dealing with characters > and < you can try to use
>>> --tamper=between which will replace standard greater/lesser than
>>> characters in inference by BETWEEN operator
>>>
>>> kr
>>>
>>> On Sat, May 28, 2011 at 1:02 PM, Giorgio Fedon <giorgio.fe...@gmail.com>
>>> wrote:
>>>> Dear List,
>>>>
>>>> A tool cannot deal automatically with particular contexts and situations.
>>>> A common reason of failure for SQL injection tools is the fact that
>>>> some fields are vulnerable but somehow sanitized.
>>>>
>>>> If fields are sanitized the Penetration tester must:
>>>> 1) Understand which characters are filtered and how
>>>> 2) Find how to make the blind SQL logic to work even if there are
>>>> restrictions in place
>>>> 3) Use a tool that can be customized with your new logic
>>>>
>>>> SQL is the best tool available for me (I am a strong SQLmap supporter
>>>> :D) because it's yet powerful, but also fully customizable and meets
>>>> perfectly these requirements.
>>>>
>>>> You can find the post here:
>>>> http://blog.mindedsecurity.com/2011/05/customizing-sqlmap-to-bypass-weak-but.html
>>>>
>>>> Thank you,
>>>>
>>>> Giorgio Fedon
>>>>
>>>> ------------------------------------------------------------------------------
>>>> vRanger cuts backup time in half-while increasing security.
>>>> With the market-leading solution for virtual backup and recovery,
>>>> you get blazing-fast, flexible, and affordable data protection.
>>>> Download your free trial now.
>>>> http://p.sf.net/sfu/quest-d2dcopy1
>>>> _______________________________________________
>>>> sqlmap-users mailing list
>>>> sqlmap-users@lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>>
>>>
>>> --
>>> Miroslav Stampar
>>>
>>> E-mail: miroslav.stampar (at) gmail.com
>>> PGP Key ID: 0xB5397B1B
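
The filtering problem discussed in this thread, seen from the application side, as an added example that is not part of the original messages or of sqlmap: a character blacklist for `<`, `>` and `=` does not stop input from changing query logic, because `BETWEEN` and `LIKE` express the same comparisons, while a bound parameter does. The table, the filter and the function names are constructed for illustration.

```python
import sqlite3

BLOCKED = set("<>=")  # assumed weak filter: rejects only these characters


def make_db():
    """Constructed in-memory sample data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)",
                   [(1, "alpha"), (2, "beta"), (3, "gamma")])
    return db


def weak_lookup(db, item_id):
    """Vulnerable: blacklists characters, then concatenates input into SQL."""
    if BLOCKED & set(item_id):
        raise ValueError("filtered character in input")
    query = "SELECT name FROM items WHERE id = " + item_id
    return sorted(row[0] for row in db.execute(query))


def safe_lookup(db, item_id):
    """Hardened: the value is bound as a parameter and never parsed as SQL."""
    query = "SELECT name FROM items WHERE id = ?"
    return sorted(row[0] for row in db.execute(query, (item_id,)))


if __name__ == "__main__":
    db = make_db()
    samples = ("1", "1 OR id > 1", "1 OR id BETWEEN 2 AND 3",
               "1 OR name LIKE 'beta'")
    for value in samples:
        try:
            weak = weak_lookup(db, value)
        except ValueError as exc:
            weak = "rejected (%s)" % exc
        print("%-28r weak=%s safe=%s" % (value, weak, safe_lookup(db, value)))
```

Only the input containing `>` is rejected by the blacklist; the `BETWEEN` and `LIKE` forms pass it and widen the result set, whereas the parameterized query returns nothing for them.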