Hi Anton.

ACK and put on TODO list.

Kind regards,
Miroslav Stampar

On Sun, May 27, 2012 at 8:19 PM, Anton Sazonov <anton.sazo...@gmail.com> wrote:

> Thanks for answering, Miroslav.
>
> I must not have been clear enough in my previous post. What I mean is
> that, say, you got a website under your purview, an example.com.
> There's a vulnerable script at
> http://www.example.com/example.php?id=1&id2=2 and "id" is vulnerable.
>
> Say, there's another SQLi in http://www.example.com/exampe2.asp.
>
> Basically, every time I need to --dbs, --columns or whatever, I have
> to _type in exactly the same URL and parameters_ which are _already
> stored in the log file_. What I'm proposing to do is to add an option
> to specify a domain name and (optionally) select from a number of
> available attacks and go from there. Something like ./sqlmap.py -D
> example.com --dbs.
>
> Otherwise, we, the users, are forced to look up the logs in search of
> the vulnerable script and its settings.
>
> That'd just make things so much simpler for further attacks against
> the "victim" server.
>
> Thanks for your time and the work you put into this,
> Anton Sazonov
>
> On Sun, May 27, 2012 at 6:58 PM, Miroslav Stampar
> <miroslav.stam...@gmail.com> wrote:
> > Hi Anton.
> >
> > Maybe I am missing something:
> > "I must be missing something, but shouldn't there be a command line
> > switch to perform the exact same SQLi you did on your target machine"
> >
> > If you are referring to a normal session resumption then it's automatically
> > being done. If you mean that you want to use information of SQLi from one
> > target to another then there is no such option.
> >
> > If you need that first scenario then please tell which version do you use?
> >
> > Kind regards,
> > Miroslav Stampar
> >
> > On Sat, May 26, 2012 at 1:32 AM, Anton Sazonov <anton.sazo...@gmail.com>
> > wrote:
> >>
> >> Hello there,
> >>
> >> I must be missing something, but shouldn't there be a command line
> >> switch to perform the exact same SQLi you did on your target machine?
> >> I do realize that the vulnerabilities are stored in
> >> $SQLMAP/output/$HOSTNAME/log and are rather easy to replicate, if
> >> frustrating.
> >>
> >> Wouldn't that be easier for the end-users to just add an option to
> >> specify the already injected and confirmed server in the command line,
> >> as in, for example, ./sqlmap.py -h example.com --dbs?
> >>
> >> Couldn't find it in the documentation for the life of me. Apologies if
> >> it has already been brought up.
> >>
> >> Thanks,
> >> Anton
> >>
> >>
> >>
> >> ------------------------------------------------------------------------------
> >> Live Security Virtual Conference
> >> Exclusive live event will cover all the ways today's security and
> >> threat landscape has changed and how IT managers can respond. Discussions
> >> will include endpoint security, mobile security and the latest in malware
> >> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> >> _______________________________________________
> >> sqlmap-users mailing list
> >> sqlmap-users@lists.sourceforge.net
> >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >
> >
> >
> >
> > --
> > Miroslav Stampar
> > http://about.me/stamparm
>



-- 
Miroslav Stampar
http://about.me/stamparm