Hi, On 13 February 2013 09:56, Владимир Мартьянов <vilgefo...@gmail.com> wrote: >> >> Morale of story goes like this. Time-based injections are fragile and you'll >> need to have LOTS of patience with those. >> > I know... But if it's the only one way I have no choice.
Have you considered giving a go to --dns-domain to verify whether or not you could exfiltrate data out-of-band via DNS requests? This has been implemented in sqlmap in mid 2012 and is documented by Miroslav here[1] and here[2]. [1] http://www.slideshare.net/stamparm/dns-exfiltration-using-sqlmap-13163281 [2] http://www.slideshare.net/stamparm/ph-days-2012miroslavstampardataretrievaloverdnsinsqlinjectionattackspaper -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) ------------------------------------------------------------------------------ Free Next-Gen Firewall Hardware Offer Buy your Sophos next-gen firewall before the end March 2013 and get the hardware for free! Learn more. http://p.sf.net/sfu/sophos-d2d-feb _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
