Hi.
I see your point, but this is more a case for some kind of PoC tool (and
not sqlmap). Such a scenario would (IMO) involve one more step in an already
non-simple setup. It's not that it doesn't make any sense, but it doesn't
help an automated tool like sqlmap.
Kind regards,
Miroslav Stampar
On
> Problem is that sqlmap needs to have data retrieved to be able to
> do its normal workflow. For example, if you do --dump sqlmap
> needs to know table columns. In your proposed case that would be
> problematic. Also, there are lots of cases when
Hi.
Problem is that sqlmap needs to have data retrieved to be able to do its
normal workflow. For example, if you do --dump sqlmap needs to know table
columns. In your proposed case that would be problematic. Also, there are
lots of cases when we ask the server simple questions and we need an
a
Hi,
I just wanted to request an "extension" for a previous feature request
(DNS exfiltration [1]) but after looking at my former feature request
I realized that it already included the feature I was about to request:
- --dns-domain for non-root user
Hi,
in cases where sqlmap is run against targets on internal networks, it
would be great if one could tell sqlmap to simply proceed without
expecting incoming DNS requests, because sqlmap cannot be executed
directly on the DNS server (which can't re
Good question Miroslav. I tried to think of something that can be
implemented without ruining sqlmap's query schema, but I could not come to any
conclusion... =(
The thing is, sqlsus uses a different approach to dump the data, making this
kind of thing possible...
The solution that I found in this part
Hi David.
And what do you recommend to be done in case of query with length >
max_inj_length?
Kind regards,
Miroslav Stampar
On Apr 1, 2013 11:14 PM, "David Guimaraes" wrote:
> Hi, I am trying to perform SQL injection on a web site but I cannot get
> it to succeed due to a size limitation on the
Hi, I am trying to perform SQL injection on a web site but I cannot get
it to succeed due to a size limitation on the query sent to the server. The
server is limiting the size of the query to 512 bytes only and sqlmap does not
have any customization that allows me to bypass this restriction like
sqlsus "ma
On 26 June 2012 10:48, Bernardo Damele A. G. wrote:
> In the meantime, we have --predict-output switch. You can tweak
> upfront the txt/common-outputs.txt for speed improvements.
> Refer to the user's manual for details.
Unfortunately that doesn't help when it is in the middle of a run and
you sp
In the meantime, we have --predict-output switch. You can tweak
upfront the txt/common-outputs.txt for speed improvements.
Refer to the user's manual for details.
Bernardo
On 26 June 2012 09:36, Robin Wood wrote:
> On 26 June 2012 08:10, Miroslav Stampar wrote:
>> Hi Robin.
>>
>> You are an xy
On 26 June 2012 08:10, Miroslav Stampar wrote:
> Hi Robin.
>
> You are an xyz-th user with this same request ;)
Thought I might be.
> Problem is that Python doesn't have a getch() mechanism (there are some
> dirty hacks, but they are really dirty, OS dependent and unstable), making it
> clumsy for thi
Hi Robin.
You are an xyz-th user with this same request ;)
Problem is that Python doesn't have a getch() mechanism (there are some
dirty hacks, but they are really dirty, OS dependent and unstable), making it
clumsy for this feature. You would have to enter something and press Enter
for it to register
A technique is the mechanism by which the SQL injection works, be it
UNION, Blind, Stacked, or what have you. The technique alters how you
may do what you are asking for.
On Mon, Jun 25, 2012 at 12:32 PM, Robin Wood wrote:
> I was retrieving table names at the time but I guess it would help in ot
I was retrieving table names at the time but I guess it would help in other
situations as well.
Robin
On Jun 25, 2012 6:07 PM, "Miroslav Stampar"
wrote:
> You forgot to mention which technique?
>
> Kind regards,
> Miroslav Stampar
>
> On Mon, Jun 25, 2012 at 6:03 PM, Robin Wood wrote:
>
>> I've
You forgot to mention which technique?
Kind regards,
Miroslav Stampar
On Mon, Jun 25, 2012 at 6:03 PM, Robin Wood wrote:
> I've just been testing a site which has to have the --no-cast option
> to retrieve data, it works great but it is very slow. Because of this
> I'd quite often guessed the d
I've just been testing a site which has to have the --no-cast option
to retrieve data, it works great but it is very slow. Because of this
I'd quite often guessed the data it was pulling down way before the
command had finished, especially with table names.
It would be really good if you could in
Find it unhidden with the latest r5123.
Kind regards
On Thu, Jun 14, 2012 at 3:51 PM, Miroslav Stampar <miroslav.stam...@gmail.com> wrote:
> Ok. Cool :)
>
> We'll most probably unhide that switch these days as it's a quite usable
> one
>
> Kind regards
>
>
> On Thu, Jun 14, 2012 at 3:49 PM, Yor
Ok. Cool :)
We'll most probably unhide that switch these days as it's a quite usable one
Kind regards
On Thu, Jun 14, 2012 at 3:49 PM, Yori Kvitchko <y...@counterhackchallenges.com> wrote:
> Miroslav,
>
> It looks like --test-filter is what I need. I don't need a custom suffix
> and prefix, I
Miroslav,
It looks like --test-filter is what I need. I don't need a custom suffix
and prefix, I just need to force sqlmap to use a specific test it
already has in its collection of payloads.xml and only that test. If I
can use test-filter to select exactly the test I need and sqlmap will
onl
Hi Yori.
"With that in mind it makes sense to be able to specify a test/payload
combination that you have found and you know is working."
We already have two mechanisms for such a thing:
1) --prefix/--suffix where you can specify what the prefix and suffix
of the SQL injection vector are (e.g. --prefix
Hey Everyone,
New to the list but have been using sqlmap for a while now. I recently
participated in a CTF with an interesting blind, filter bypass sql
injection. Lots of restrictions. I set a challenge for myself to solve
it using sqlmap and managed to get it working with some effort. Of the
CSRF protection bypass is in the TODO list, it will be implemented at some point.
Bernardo
On 14 March 2012 18:57, a nice guy wrote:
> Hello,
>
> I think it would be great if sqlmap could detect which post-parameter
> contains the csrf-token, if any,
> or select the token manually.
>
> kind regards,
You can provide cookies and POST parameters to -p already as well as
"ua" for User-Agent.
Bernardo
On 14 March 2012 18:54, a nice guy wrote:
>
> Hello,
>
> It would be very nice if it would be possible to specify the targeted
> value directly for
> post/cookie/agent/referrer, as it is possible
Hello,
It would be very nice if it were possible to specify the targeted
value directly for post/cookie/agent/referrer, as it is possible for get with -p.
And maybe there should be a list shown before the injection starts,
where you can choose "All" or "Number of parameter".
kind regards
Hello,
I think it would be great if sqlmap could detect which post-parameter
contains the csrf-token, if any,
or select the token manually.
kind regards,
a nice guy
Hi.
As said, Python is constrained in this manner. You can't even listen to
keystrokes, so if there were a 'listening thread' you would need to
enter the whole 'guess' and press Enter for it to process (also, console output
would be a mess) - raw_input().
So, it would be clumsy as well, but other t
On 11 January 2012 11:32, Bernardo Damele A. G. wrote:
> Hi Chris,
>
> You can tune txt/common-outputs.txt to your needs in order to make
> --predict-output more efficient for your test.
>
> Bernardo
>
> On 11 January 2012 11:29, Chris Oakley wrote:
>> I think Ctrl+C is going to be the only way t
Hi Chris,
You can tune txt/common-outputs.txt to your needs in order to make
--predict-output more efficient for your test.
Bernardo
On 11 January 2012 11:29, Chris Oakley wrote:
> I think Ctrl+C is going to be the only way to do it reliably in Python. I
> wasn't actually aware of the --predic
I think Ctrl+C is going to be the only way to do it reliably in Python. I
wasn't actually aware of the --predict-output switch and will have a play,
but from the description it does sound like it falls short a little. That
said, if there are higher priority features or bug fixes... it's not the
e
Hi again.
Minor update. The --predict-output switch will perform well only on the start of
outputs. So, it will greatly speed up the starting part with "Microsoft SQL
Server" but the rest is done normally (won't go into detail why and how this
is performed only for the beginning of the retrieved string).
Hi Hans.
Basically, you are right. --predict-output is a good replacement for this
kind of case, but I am not sure if it's enough for Ryan and Chris.
Also, I'll need to take a look into it and maybe upgrade it a bit as there
hasn't been development on it for more than a year.
Kind regards,
Mirosla
Hello everyone,
What's with --predict-output?
Maybe you could use that.
Cheers
On 11.01.2012 at 09:09, Miroslav Stampar wrote:
Hi guys.
This would have been implemented a long time ago if Python wasn't so
bad about interrupting its processes. Sadly, you can 'pause' (interrupt)
them on
Hi guys.
This would have been implemented a long time ago if Python wasn't so
bad about interrupting its processes. Sadly, you can 'pause' (interrupt)
them only by Ctrl+C. Now, I can put this there, but it will be clumsy at
least.
If you have other ideas how to deal with this problem, pleas
I'm sure that there are higher priorities than this, but I have to add that
this would be useful for me too. As an example, on a recent test I was
grabbing the banner of the DBMS as a quick POC for a client.
The banner was as follows:
Banner:
---
Microsoft SQL Server 2000 - 8.00.2055 (Intel X86
Not sure how difficult this would be to implement, or whether or not anyone
else's workflow would benefit from it, but I thought I'd throw it out there.
When sqlmap is retrieving characters for a string, it's often obvious what
the string is long before sqlmap retrieves it all. Would be nice if I c
Thanks for those great improvements.
Andres
On 29 August 2011 15:41, Miroslav Stampar wrote:
> hi again.
>
> with the last commit r4369 a new switch "--skip" is added.
>
> e.g. --skip=ua
> or
> e.g. --skip=random-agent
> or
> e.g. --skip="ua,random-agent,id,id2"
>
> will make sqlmap expl
hi again.
with the last commit r4369 a new switch "--skip" is added.
e.g. --skip=ua
or
e.g. --skip=random-agent
or
e.g. --skip="ua,random-agent,id,id2"
will make sqlmap explicitly skip the testing of parameters provided this way
kind regards
2011/8/20 Andres Tarascó Acuña :
> hi there!
>
> I would
hi Andres.
with the latest r4366 commit there is a new switch implemented,
'--randomize', by your request.
example of usage:
-u "www.site.com/vuln.php?id=1&id2=2&id3=3" --randomize=id2
it will automatically randomize the parameter value for id2 in further
requests regarding its "template type"
integ
hi there!
I would like to suggest a feature that I think many of you will find
useful. The idea is to allow sqlmap or an sqlmap tamper script to create
random data on each request, against targeted parameters, to bypass unique
key restrictions. afaik there is no way to achieve this with latest
Hi,
This is easily accomplished with already available tools.
ex: route add -host 1.1.1.1 dev eth0:0 gw your_gw
cheers
james
On Mon, 20 Jun 2011 19:05:07 +0200, Miroslav Stampar wrote:
> ok.
>
> you probably need something like:
>
> http://www.thegoldfish.org/2009/05/python-httpconnection-
ok.
you probably need something like:
http://www.thegoldfish.org/2009/05/python-httpconnection-bound-to-network-interface/
we'll see what can be done (these days)
kr
On Mon, Jun 20, 2011 at 6:55 PM, Miroslav Stampar wrote:
> hi Kirill.
>
> you mean something like -e eth0?
>
> kr
>
> On Mon, Ju
hi Kirill.
you mean something like -e eth0?
kr
On Mon, Jun 20, 2011 at 5:24 PM, Kirill Morozov wrote:
> Hi,
> it would be very useful if I could specify another source IP address from
> an interface for sqlmap HTTP requests.
>
> --
> Kirill Morozov
> KIMO2-RIPE, RHCE
Hi,
it would be very useful if I could specify another source IP address from
an interface for sqlmap HTTP requests.
--
Kirill Morozov
KIMO2-RIPE, RHCE
Andres,
On 28 Apr 2011, at 13:53, "Andres Tarascó Acuña" wrote:
Thanks David!
so, to test several URI segments, I probably need to use something
like: ./sqlmap.py -u http://host/path/chunk1*/chunk2* --data="postparameter=foo"
is that right?
Yes.
what should I type into the "-p" parameter to c
Thanks David!
so, to test several URI segments, I probably need to use something
like: ./sqlmap.py -u http://host/path/chunk1*/chunk2* --data="postparameter=foo"
is that right?
what should I type into the "-p" parameter to check SQL injections only
against chunk2 (instead of attacking "postparamete
Indeed, thanks David for replying.
I will update the user's manual with this feature at some point like someone
else pointed out.
Cheers,
Bernardo Damele A. G.
This message was sent from a smartphone
On 28 Apr 2011, at 13:33, David Guimaraes wrote:
Use the * character at the param value:
http://vulns
Use the * character at the param value:
http://vulnsite.com/vulnscript/1*/2
2011/4/28 Andres Tarascó Acuña
> Hello,
>
> I'm new to the list so probably I'm going to ask for something that was
> previously discussed. Anyway, I'm going to try :)
>
> I wish to know if there are plans to support "URI sql i
Hello,
I'm new to the list so probably I'm going to ask for something that was
previously discussed. Anyway, I'm going to try :)
I wish to know if there are plans to support "URI sql injection" in the near
future. By URI injection I mean testing for SQL injections on the URI
instead of attacking
hi.
this is implemented with r3496.
support for Windows users is also incorporated through the much slower 3rd
party fcrypt module included in the extra folder.
kr
On Fri, Mar 25, 2011 at 8:01 AM, Miroslav Stampar wrote:
> hi.
>
> no problem. the only thing is that this will be limited to sqlmap on Unix
>
hi.
no problem. the only thing is that this will be limited to sqlmap on Unix
platforms as we'll need to use the crypt module
(http://docs.python.org/library/crypt.html). other (manually written)
solutions would be too slow.
kr
On Fri, Mar 25, 2011 at 5:58 AM, Kirill Morozov wrote:
> Hi, Miroslav,
>
> pl
Hi, Miroslav,
please add standard DES hash (13 chars, 2 bytes salt) support to sqlmap.
Thanks.
--
Kirill Morozov
KIMO2-RIPE, RHCE
hi Kirill.
you are right. it should be disabled by default.
now it can be enabled by usage of the switch --page-rank
kr
On Wed, Mar 23, 2011 at 11:07 AM, Kirill Morozov wrote:
> By default the pagerank check is always enabled, but google can ban your IP if
> you make too many requests.
> I don't n
By default the pagerank check is always enabled, but google can ban your IP if
you make too many requests.
I don't need the PR check at all. The attached patch helps you to disable the PR check
via config. I hope this will be in trunk.
Thanks.
--
Kirill Morozov
KIMO2-RIPE, RHCE
--- sqlmap-dev/lib/controller/cont