Miroslav,
It looks like --test-filter is what I need. I don't need a custom suffix
and prefix, I just need to force sqlmap to use a specific test it
already has in its collection of payloads.xml and only that test. If I
can use test-filter to select exactly the test I need and sqlmap will
only use that one, then I think my needs are filled.
Much appreciated.
- Yori
On 6/13/2012 6:42 PM, Miroslav Stampar wrote:
Hi Yori.
"With that in mind it makes sense to be able to specify a test/payload
combination that you have found and you know is working."
We already have two mechanisms for such a thing:
1) --prefix/--suffix where you can specify what are the prefix and
suffix of SQL injection vector (e.g. --prefix="'" --suffix="-- " )
2) --test-filter (hidden at this moment) where you can target a specific
test by its name or payload (e.g. --test-filter="ROW" would trigger
MySQL error-based injection test based on old ROW(..,..)>... technique)
Now, please, if you have something else in mind, please say so, so that
we can discuss it and maybe find some other mechanism (if those 2 don't
satisfy your needs).
Kind regards,
Miroslav Stampar
On Wed, Jun 13, 2012 at 10:19 PM, Yori Kvitchko
<y...@counterhackchallenges.com> wrote:
Hey Everyone,
New to the list but have been using sqlmap for a while now. I recently
participated in a CTF with an interesting blind, filter bypass sql
injection. Lots of restrictions. I set a challenge for myself to solve
it using sqlmap and managed to get it working with some effort. The
changes I had to make to get it to work included modifications to
queries.xml as well as specific arguments, but most of what I'm going to
request here is about payloads.xml.
In trying to solve the challenge, I realized I needed to make sqlmap
laser focus on a single test. This was both for false negative
reduction, number of queries sent, and time limit. I did this myself by
removing every other test from payloads.xml but it brought to mind the
idea of being able to specify a test via command line arguments. You can
specify pretty much everything else on the command line, so the added
granularity would be nice.
My philosophy on sql injection is that testing for it should be done
manually, then once found, get a tool like sqlmap to work with it and
perform all the time consuming brute forcing work for you. With that in
mind it makes sense to be able to specify a test/payload combination
that you have found and you know is working.
Thanks for your consideration. Excellent work on the tool.
- Yori
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
--
Miroslav Stampar
http://about.me/stamparm