So I found the database and then the table and the columns and I'm trying to dump the column data but it is too big. It keep taking ~2 mins then timing out.
Asked
Active
Viewed 1,025 times
1
-
What method of injection are you using? – Nick Mckenna Aug 12 '16 at 02:57
-
Voted for migration to SO. – peterh Aug 12 '16 at 03:07
-
For optimization it's better to post your query at [code review](http://codereview.stackexchange.com/) – Mr. E Aug 12 '16 at 04:30
-
2@peterh This won't do well on Stack Overflow. FIrst, it's not a programming question. Second, there's simply not enough information. Michael, I suggest you [edit] your question. For starters, tell us which sqlmap options you have tried. Please edit this information into your question. – S.L. Barth Aug 12 '16 at 04:30
-
This is quite common with "slow" methods such as time-based blind injection. In a security testing context, it's usually enough to show a few sensitive items (e.g. DB name, current user) to prove that the injection point exists without needing to dump the full DB. – Matthew Aug 12 '16 at 07:55
-
What's the context? If this is a pen test, it would usually suffice to say "an attacker with more time could dump your database" – paj28 Aug 12 '16 at 10:29
-
Maybe you need to optimize your exploit, limite the amount of records of your result and to know the kind of attack, for example, it could be a blind sql injection, but give more information. – hmrojas.p Aug 13 '16 at 03:00