sqlmap icon indicating copy to clipboard operation
sqlmap copied to clipboard

Published 20 hours ago verified publisher icon sqlmapproject

Implement out-of-band for data fetching

Open bdamele opened this issue 13 years ago • 2 comments

Recently we implemented DNS for data fetching. The objective is to implement more out-of-band techniques for data fetching:

  • HTTP requests (Oracle UTL_HTTP)
  • openrowset (to replicate dbms remotely on MSSQL)
  • db_link() (to replicate dbms remotely on PgSQL)

Some relevant materials:

  • http://www.hideaway.net/2007/08/out-of-band-oracle-sql-injection-with.html
  • http://www.learnsecurityonline.com/offerings/videos/non-lso/165-defcon-15-t202-sql-injection-and-out-of-band-channeling

bdamele avatar Jun 26 '12 14:06 bdamele

openrowset is usually disabled by default these days. xp_dirtree might work for exfil, but it more likely to be blocked by firewalls.

marksteward avatar Sep 12 '19 21:09 marksteward

amigo me interesa este proyecte actualiza tiene muchas fallas por favor [email protected] valoro el trabajo de los demás eres un crack

Thanioner avatar Dec 07 '22 07:12 Thanioner