Miroslav Stampar

Results 205 comments of Miroslav Stampar

@lukapusic doable... though, only MsSQL as I can see. So, introducing too many new options for just one DBMS is a coding anti-pattern in sqlmap

As for `HTTP Parameter Pollution`, it is already implemented with `--hpp`:
```
$ python sqlmap.py -hh | grep hpp
    --hpp               Use HTTP parameter pollution method
```

--hex already does wonders in this field, but some kind of automation is required

Just tested `--hex` and it works for binary data inside BLOB for MySQL. Testing case: ``` USE testdb; CREATE TABLE blobby (id int, data blob); INSERT INTO blobby VALUES(5, LOAD_FILE('/bin/true'));...

You can manually extract those easily. E.g. \?ec -> binary ec. We still have some work here to be done. Can't promise you dates (maybe these days). Issue is that...

If you are getting unreadable strings everywhere, especially in cases where you expect true strings (e.g. `--banner`), then you have a false positive. Which technique is used in your case?...

@charl1 just made a sample Oracle table with `XMLTYPE` inside and everything went well (both with `--hex` and without). I am not sure what sort of data you are retrieving,...

@charl1 now I see that with Oracle 11g there is a feature to store `XMLTYPE` in _"post-parse binary format"_ [1]. When creating table with that option this needs to be...

This getting of information drop by drop is counterproductive. On 15.1.2013 at 12:56, "charl1" [email protected] wrote: > Hi, thanks for info, but not it is 11g in this case....

@charl1 `Maybe... solving this problem WARNING] possible server detected trimmed output (due to its length):` - nope. Problem here is that web backend server is trimming further output (most probably...