|
WebApp Sec
mailing list archives
Re: Time based Blind SQL injection
From: Yiannis Koukouras <ikoukouras () gmail com>
Date: Thu, 29 Mar 2012 21:04:00 +0200
Cool, I just wanted to be sure I didn't miss anything else...
Again thanx for sharing! :)
Ioannis (Yiannis) Koukouras
CISSP, CISA, CISM, OSCP
MSc in Computer Systems Security
BEng in Electronic Engineering
http://www.linkedin.com/in/ikoukouras
On Thu, Mar 29, 2012 at 4:50 PM, Danux <danuxx () gmail com> wrote:
Hi Yiannis,
The intent was to share a script as a result of a pen-test, since when
I was trying to use sqlmap and sqlninja does tools did not work for
me, and I was spending more time trying to figure out how to make them
work (possibly due to the lack of expertise on those tools). I did not
find a way to tell the tool to replace spaces with %09 but one person
in my blog (Miroslav) commented this related to sqlmap:
"There is a mechanism called tampering scripts (switch --tamper) and
in your case you could just use --tamper=space2randomblank (take a
look into ./sqlmap/tamper script for more tampering scripts beside
this space2randomblank.py one)"
So, that could be an option.
I added other features but nothing new and again, the intention is not
to replace sqlmap or sqlninja just to share the script.
On Thu, Mar 29, 2012 at 5:19 AM, Yiannis Koukouras <ikoukouras () gmail com>
wrote:
So, the only difference, from other tools out there, is the support of
TAB(%09)?
Am I missing something?
Ioannis (Yiannis) Koukouras
CISSP, CISA, CISM, OSCP
MSc in Computer Systems Security
BEng in Electronic Engineering
http://www.linkedin.com/in/ikoukouras
On Mar 13, 2012 5:04 AM, "Danux" <danuxx () gmail com> wrote:
Nothing new, just a different approach to automated the process of
blind injection based on time.
http://danuxx.blogspot.com/2012/03/time-based-blind-sql-injection.html
Hope you find it useful.
--
DanUx
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board
Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require
a
full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
--
DanUx
This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
 By Date 
By Thread
Current thread:
- Re: Time based Blind SQL injection Yiannis Koukouras (Mar 30)
|
