Re: [sqlmap-users] Feature Request

Tue, 10 Jan 2012 08:50:21 -0800 

I'm sure that there are higher priorities than this, but I have to add that
this would be useful for me too.  As an example, on a recent test I was
grabbing the banner of the DBMS as a quick POC for a client.

The banner was as follows:

Banner:
---
Microsoft SQL Server  2000 - 8.00.2055 (Intel X86)
    Dec 16 2008 19:46:53
    Copyright (c) 1988-2003 Microsoft Corporation
    Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
---

This was a time based blind injection, so each of the above characters took
an average of 20 seconds to retrieve.  It's perfectly obvious what the
"Microsoft Corporation" part is going to be, for example.  When each
character takes many queries with wait commands to retrieve, this can be
quite heavy on the DBMS.

Not a huge deal, but if this feature made it into a future release, I
certainly wouldn't complain.

Regards

Chris

On 10 January 2012 16:42, ryan cartner <ryan.cart...@gmail.com> wrote:

> Not sure how difficult this would be to implement, or whether or not
> anyone elses workflow would benefit from it, but I thought I'd throw it out
> there.
>
> When sqlmap is retrieving characters for a string, it's often obvious what
> the string is long before sqlmap retrieves it all. Would be nice if I could
> stop it, submit a guess, and have sqlmap test that before continuing on.
>
> I imagine this would be kinda tough with threads but I haven't
> familiarized myself wtih the code enough to know.
>
>
> ------------------------------------------------------------------------------
> Write once. Port to many.
> Get the SDK and tools to simplify cross-platform app development. Create
> new or port existing apps to sell to consumers worldwide. Explore the
> Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join
> http://p.sf.net/sfu/intel-appdev
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>

------------------------------------------------------------------------------
Write once. Port to many.
Get the SDK and tools to simplify cross-platform app development. Create 
new or port existing apps to sell to consumers worldwide. Explore the 
Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join
http://p.sf.net/sfu/intel-appdev
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to