Hi friends.
I found a sqlinject in one page before even know this great tool. This work
in a simple way:
I can get any character from the table, than I convert to number and it
download a bank page. (I don't know how translate it to english). Anyway,
this page have a unique number. So, I list all 1 to 255 unique number. If
my sql download one page, I just compare the number and get the value. With
it, I can get anything (even files).
But, the sqlmap have a good and very tested way to dump the database. My
was a crap. So, how can I translate this to the program? Although it CAN
download the database, I can make it more fast. The program get some
letters and test with great than a number. I can speed up because every
download WILL return one value.
But, the ironic is that I will need use only one thread. Lol, this is
useless. What is my options :D
Just to be clean, I do a sql command, it return, like, id=78, and download
one page (I cant get the URL of returned page). After I download it (40kb),
I do a small python command to parse the number (just get a text between
two text), than just compare in a case and get the value.
Any tip?
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
