Dailydave mailing list archives
Re: hotel room things
From: "Rhys Kidd" <rhyskidd () gmail com>
Date: Mon, 14 May 2007 23:23:27 +0800
Dave, I'm personally a big fan of sqlmap, http://sqlmap.sourceforge.net/. for blind SQL injection and enumeration. Some nice features include: - Using both page hashes and string matches to pick responses apart. - Extensive fingerprinting - Limited IDS evasion. - Support for a variety of RDBMS' Being able to do the below in Python is hot; in a very PCI-is-a-buzz-word kind of way. $ python sqlmap.py -u "http://localhost/index.php?id=1&cat=2" --tables -D mysql Database: mysql [21 tables] +---------------------------+ | columns_priv | | db | | event | | func | | general_log | | help_category | | help_keyword | | help_relation | | help_topic | | host | | plugin | | proc | | procs_priv | | slow_log | | tables_priv | | time_zone | | time_zone_leap_second | | time_zone_name | | time_zone_transition | | time_zone_transition_type | | user | +---------------------------+
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- hotel room things Dave Aitel (May 13)
- Re: hotel room things rd (May 14)
- Re: hotel room things Rhys Kidd (May 14)
- Re: hotel room things rd (May 14)