Hi.
In theory this works, in practice it doesn't. We already overturned 2-3
guys proposing this. Today's pages are too dynamic (banners, promos, etc.).
Also, you would need a parameter value with a big covering range (lots of
different values).
Also, whoever wrote this doesn't have a clue about this subject: 'The
attacker would then take a checksum of the returned html data'. This is
being done in kiddish scripts. A real SQLi tool knows that a checksum is faaar
from reliable.
Anyway, the answer is no.
Kind regards,
Miroslav Stampar
On Feb 20, 2013 2:11 AM, "Julius Kivimäki" <julius.kivim...@gmail.com>
wrote:
> Should probably look into adding this,
> http://www.blackhatlibrary.net/SQL_injection/Blind/Comparative_precomputation
>
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
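
The reply's point about dynamic pages and checksums, as an added example that is not part of the original thread and is not sqlmap's code. The page template, banner texts, request ids and the 0.9 threshold are constructed assumptions; the similarity ratio is used here only as a contrast to an exact hash.

```python
import hashlib
from difflib import SequenceMatcher

# Constructed sample page: fixed layout plus a rotating banner and a request id.
TEMPLATE = (
    "<html><head><title>Shop</title></head><body>"
    "<div class='banner'>{banner}</div>"
    "<div id='content'>{content}</div>"
    "<footer>request-id: {rid}</footer></body></html>"
)
ITEM = "<h1>Blue kettle</h1><p>1.7 litre, stainless steel, in stock.</p>" * 3
EMPTY = "<h1>No results</h1><p>Nothing matched your search.</p>"


def render(content, banner, rid):
    """Build one response; banner and rid change on every request."""
    return TEMPLATE.format(content=content, banner=banner, rid=rid)


def checksum(page):
    """Exact fingerprint: any changed byte gives a different digest."""
    return hashlib.sha256(page.encode("utf-8")).hexdigest()


def similarity(a, b):
    """Ratio in [0, 1]; autojunk off so frequent characters are not skipped."""
    return SequenceMatcher(None, a, b, autojunk=False).ratio()


def same_page(a, b, threshold=0.9):
    """Treat two responses as the same logical page above the assumed threshold."""
    return similarity(a, b) >= threshold


if __name__ == "__main__":
    first = render(ITEM, "Spring sale: 20% off", "a81f03")
    again = render(ITEM, "Free delivery this week", "c02d77")   # same content
    other = render(EMPTY, "Spring sale: 20% off", "e5b190")     # different content
    print("checksums equal for same content:", checksum(first) == checksum(again))
    print("similarity, same content:      %.3f" % similarity(first, again))
    print("similarity, different content: %.3f" % similarity(first, other))
```

The same reasoning applies to defensive tooling that fingerprints responses: an exact hash of a page with rotating elements changes on every request, so it cannot by itself distinguish a real content change from noise.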