sqlmap - "One Tiny Step At a Time"
1. sqlmap - “One Tiny Step At a Time”
Miroslav Stampar
(miroslav@sqlmap.org)
2. Bsides Chile Security Conference November 07th, 2020 2
“Everything can be achieved through
gradual steps – one small step at a time:
overcoming fears, fulfilling dreams... anything
you wish to be different from the way it is.”
A.J. Darkholme, Rise of the Morningstar
Leitmotif (/ˌlaɪtmoʊˈtiːf/)
4. Short project introduction (I)
Free and open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database server(s)
Written in Python (2 & 3)
14 years old (July 25th, 2006)
2 authors / core developers (Bernardo Damele and Miroslav Stampar)
100% accuracy and 0% false-positives by WAVSEP benchmark of 64 Web Application Scanners (sectoolmarket.com)
5. Short project introduction (II)
32 supported DBMSes (MySQL, MsSQL, etc.)
6 supported SQLi techniques (boolean-based blind, error-based blind, etc.)
> 4,000 user-reported issues closed in the last 8 years (since the switch from SourceForge SVN to GitHub Git)
> 9,500 commits (from the beginning)
> 72,000 LoC (Lines of Code)
> 1,000 repository clones per day
> 7,500 daily unique web visitors (sqlmap.org)
> 1,500 daily unique web visitors (github.com)
6. Short project introduction (III)
7. Short project introduction (IV)
8. Short project introduction (V)
28. Latest “tiny step” (I)
JSON aggregation across 4 major DBMSes (MySQL, Oracle, MsSQL and PostgreSQL)
Putting whole query result into a JSON array
?id=1 UNION ALL SELECT NULL,NULL,CONCAT('qqkzq',JSON_ARRAYAGG(CONCAT_WS('aitagt',address,birthday,cc,email,id,name,occupation,password,phone)),'qbkkq'),NULL,NULL,NULL FROM testdb.users-- -
Effectively reducing table dumps to a single query (if supported by the target)
Prerequisite is that UNION-query SQLi has to be usable (Note: even partial is enough)
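What this slide means for monitoring, as an added example that is not part of the talk or of sqlmap: when a whole table can leave in one response, request-count thresholds see nothing unusual, so this scans access-log lines for UNION SELECT combined with a JSON aggregation call and reports the response size. The log lines, paths, response sizes and the function names other than JSON_ARRAYAGG are assumptions of the example.

```python
import re
from urllib.parse import unquote_plus

UNION_SELECT = re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I)
# Only JSON_ARRAYAGG is on the slide; the other names are the usual JSON
# aggregation constructs of PostgreSQL and MsSQL (assumption of this example).
JSON_AGG = re.compile(
    r"\b(?:JSON_ARRAYAGG|JSON_OBJECTAGG|JSON_AGG|JSONB_AGG)\s*\("
    r"|\bFOR\s+JSON\s+(?:AUTO|PATH)\b", re.I)
SQL_COMMENT = re.compile(r"/\*.*?\*/", re.S)
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3}) (\d+)')

# Constructed access-log lines (documentation IP ranges, made-up paths and sizes).
SAMPLE_LOG = """\
192.0.2.10 - - [07/Nov/2020:10:00:01 +0000] "GET /item.php?id=1 HTTP/1.1" 200 512
192.0.2.11 - - [07/Nov/2020:10:00:05 +0000] "GET /search?q=student+union+events HTTP/1.1" 200 2048
198.51.100.7 - - [07/Nov/2020:10:01:12 +0000] "GET /item.php?id=1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL--%20- HTTP/1.1" 200 530
198.51.100.7 - - [07/Nov/2020:10:01:13 +0000] "GET /item.php?id=1%20UNION%20ALL%20SELECT%20NULL,CONCAT('qqkzq',JSON_ARRAYAGG(CONCAT_WS('aitagt',id,name)),'qbkkq')%20FROM%20testdb.users--%20- HTTP/1.1" 200 48213
198.51.100.9 - - [07/Nov/2020:10:02:40 +0000] "GET /item.php?id=1+union+all+select+json_agg(t)+from+t HTTP/1.1" 200 9120
""".splitlines()

def normalize(raw):
    """Undo up to two layers of URL encoding, drop inline comments, squeeze spaces."""
    text = unquote_plus(unquote_plus(raw))
    text = SQL_COMMENT.sub(" ", text)
    return re.sub(r"\s+", " ", text)

def classify(raw):
    """Return None, 'union-select' or 'union-json-aggregation' for a query string."""
    text = normalize(raw)
    if not UNION_SELECT.search(text):
        return None
    return "union-json-aggregation" if JSON_AGG.search(text) else "union-select"

def scan(lines):
    """Yield (line number, label, status, response bytes) for suspicious requests."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            target, status, size = match.group(1), match.group(2), int(match.group(3))
            label = classify(target.partition("?")[2])
            if label:
                findings.append((number, label, status, size))
    return findings

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

A `union-json-aggregation` hit with a 200 status and a response far larger than the page's normal size is the single-request dump the slide describes, so it warrants review on its own rather than waiting for a volume alert.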