What's the problem (or question)?
Is it possible to list information only with the DNS exfiltration attack technique?
I have a possible injection to a mssql 2016 but only for the DNS interaction technique. But not if it is possible to enumerate information from the database
Do you have an idea for a solution?
No idea.
What are the running context details?
- Installation method (e.g.
pip, apt-get, git clone or zip/tar.gz):
- Client OS (e.g.
Microsoft Windows 10)
- Program version (
python sqlmap.py --version or sqlmap --version depending on installation):
- Target DBMS: Microsoft SQL Server 2016
- SQLi techniques found by sqlmap: Out-of-band (DNS) SQL
- Results of manual target assessment (e.g. found that the payload
query=test' AND 4113 IN ((SELECT 'foobar'))-- qKLV works):
What's the problem (or question)?
Is it possible to list information only with the DNS exfiltration attack technique?
I have a possible injection to a mssql 2016 but only for the DNS interaction technique. But not if it is possible to enumerate information from the database
Do you have an idea for a solution?
No idea.
What are the running context details?
pip,apt-get,git cloneorzip/tar.gz):Microsoft Windows 10)python sqlmap.py --versionorsqlmap --versiondepending on installation):query=test' AND 4113 IN ((SELECT 'foobar'))-- qKLVworks):