and when we use -C user_name does it search for User_name and User_Name
column names ?
On Tue, Feb 10, 2015 at 12:11 AM, a dehqan wrote:
> So to search in all tables for value "string" , i think the only way is to
> use sp like this
> http://blogs.lessthandot.com/index.php/
So to search in all tables for value "string" , i think the only way is to
use sp like this
http://blogs.lessthandot.com/index.php/DataMgmt/DataDesign/the-ten-most-asked-sql-server-questions--1/#2
But is it possible to craete it in sql shell ?
Regards
On Wed, Feb 4, 2015 at 7:29 PM
stest available technique for data retrieval.
>
> Bye the way, result of INSERT statement is always NULL. Those are basics.
>
> Bye
> On Feb 9, 2015 2:59 PM, "a dehqan" wrote:
>
>> no I want stack query ,but not to use timebase injection detection as
>> this
R(113)+(SELECT (CASE WHEN
(9622=9622) THEN CHAR(49) ELSE CHAR(48)
END))+CHAR(113)+CHAR(98)+CHAR(102)+CHAR(100)+CHAR(113))) AND 'PkmV'='PkmV
How can i have this payload with type of stack query
Regards
On Mon, Feb 9, 2015 at 2:42 AM, a dehqan wrote:
> Guys is there any chance ?
Guys is there any chance ?
Thanks in advance
On Thu, Feb 5, 2015 at 7:31 PM, a dehqan wrote:
> I mean how may i have custom payload :
>
> Payload: req=6&senderid=1' AND 9622=CONVERT(INT,(SELECT
> CHAR(113)+CHAR(101)+CHAR(111)+CHAR(99)+CHAR(113)+(SELECT (CASE WHEN
>
kmV
On Thu, Feb 5, 2015 at 4:42 PM, a dehqan wrote:
> Hi
>
> sqlmap gave me shell with injection type of stack queries ,but
> Payload is like this :
>
> id=6&rid=1'; WAITFOR DELAY '0:0:5'--
>
> When i want insert with admin user sqlmap returns NULL an
Hi
sqlmap gave me shell with injection type of stack queries ,but
Payload is like this :
id=6&rid=1'; WAITFOR DELAY '0:0:5'--
When i want insert with admin user sqlmap returns NULL and fails ,
Only says this before trying :
[WARNING] time-based comparison requires larger statistical model, plea
Hi
Can we use Thread witch while dumping database ?
I mean it an be the only way to have faster dump ?
Regards
--
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in
how may i deploy this sp with sql shell ?
http://pastebin.com/NtDWccp0
On Wed, Feb 4, 2015 at 7:10 PM, a dehqan wrote:
> this searchs in one table , How to say sql search in all tables (except
> writting all tables one by one )
>
> On Wed, Feb 4, 2015 at 7:06 PM, Brandon Pe
lue'
>
> On Wed, Feb 4, 2015 at 9:35 AM, a dehqan wrote:
>
>> Yes i think it's the way ,
>> How may i search based on column value in all tables all columns ?
>>
>>
>> On Wed, Feb 4, 2015 at 6:53 PM, is2reg wrote:
>>
>>> try --s
Yes i think it's the way ,
How may i search based on column value in all tables all columns ?
On Wed, Feb 4, 2015 at 6:53 PM, is2reg wrote:
> try --sql-shell
>
> 2015-02-04
> --
> is2reg
> ------
> *发件人:*a dehq
:
> --dump then grep?
>
>
> On Wed, Feb 4, 2015 at 9:11 AM, a dehqan wrote:
>
>> Hi
>>
>> Guys , is there any way to search based on fileds value on sqlmap ?
>>
>> for exmample how to search in all databases for column w
Hi
Guys , is there any way to search based on fileds value on sqlmap ?
for exmample how to search in all databases for column with value of
1232434345 ?
Regards
--
Dive into the World of Parallel Programming. The Go Par
ST parameter 'derp' is not
> exploitable" if you pass in --data="derp=testme" and ask it to test the
> "derp" parameter.
>
> Ryan
>
> On Thu, Oct 23, 2014 at 5:14 AM, a dehqan wrote:
>
>> Thanks man ;
>>
>> I want to send an
e:
> Hi.
>
> You need to put a custom injection mark * at the place where you want
> sqlmap to inject. For example:
>
> ...name[1*]
>
> Bye
>
> p.s. your example with SELECT is not a proper one as queries are usually
> not supported in stacking
>
> On Thu, Oc
Hi Guys ,
Is Sqlmap able to send an array instead of string while injecting?
Like situation we have html form and we want manually send post variable
'name' this way (value is obtained from array) :
name="name[1 ;select * from users -- ]
I want do it with Sqlmap , but how ?
Regards dehqan
--
16 matches
Mail list logo
