sqlmap is a really impressive tool. Look at how fast it identifies an SQL injection and enumerates the DB schema. This is not sped up! pic.twitter.com/j3cUHNTmu1
There is no caching involved here. It is actually hitting the URL, noticing the GET parameter, fiddling with it, diffing outputs, etc.
This is only the tip of the iceberg though. sqlmap can also simulate an SQL REPL and evaluate commands for you! pic.twitter.com/OhuPTf5Xja
More fun with sqlmap: if the database user is sufficiently privileged you can also read and write system files.
Of course it also has metasploit support! https://www.slideshare.net/inquis/expanding-the-control-over-the-operating-system-from-the-database …
1:07 AM - 14 Apr 2017