-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi all,

Long time no talk, I just came across this:
http://console-cowboys.blogspot.com/2012/01/bit-banging-your-database.html

Which looks quite promising, basically it uses the binary representation
and some boolean calculations to determine the length of fields and
other information as opposed to doing it character by character. It
basically narrows everything down to about 8 requests to find the length
of the data.

I'm not sure if SQLMap uses a technique similar, but it may be worth
looking into, as it could drastically lower the time it takes to mine
out info from time-based blind injection!

The sample code can be found here:
http://consolecowboys.org/scripts/vm_own.py

Thanks!
Ryan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iF4EAREIAAYFAk8du7UACgkQt/95fIeU+XaLCAD/VCNgKVG1BqZO97VF+aSKKrQo
kzbcmxJOKTgLJkl6rWMA/jH7Ax5z5zrjvDxJuw6aaJLh6Yubj+2Ee8mzZ9WiFdGC
=6ngJ
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to