Miroslav,

On Wed, Feb 20, 2013 at 4:15 AM, Miroslav Stampar <miroslav.stam...@gmail.com> wrote:
> Hi.
>
> In theory this works, in practice it doesn't. We already overturned 2-3 guys
> proposing this. Today's pages are too dynamic (banners, promos, etc.).

But sqlmap already supports comparing pages with minor differences
(using difflib, correct?)

> Also,
> you would need a parameter value with a big covering range (lots of
> different values).

256 different rows for a table doesn't seem to be something difficult
to find; while not possible in all cases I agree.

> Also, whoever wrote this doesn't have a clue about this subject: ' The
> attacker would then take a checksum of the returned html data'. This is
> being done in kiddish scripts. Real SQLi tool knows that checksum is faaar
> from reliable.

See difflib above.

> Anyway, answer is no.

I think you're disregarding a good idea (if correctly implemented it
provides an 8-times performance improvement) way too fast.
Implementation is going to be difficult, but the benefits are great,

> Kind regards,
> Miroslav Stampar
>
> On Feb 20, 2013 2:11 AM, "Julius Kivimäki" <julius.kivim...@gmail.com>
> wrote:
>>
>> Should probably look into adding this,
>> http://www.blackhatlibrary.net/SQL_injection/Blind/Comparative_precomputation
>>

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3

_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users