Re: [sqlmap-users] Pre-12.5.1 Sybase compatibility
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Pre-12.5.1 Sybase compatibility
|
From: Miroslav S. <mir...@gm...> - 2012-01-27 14:44:54
|
Hi Brian. Sorry for the late reply. You can try it yourself and report back. You can go to the xml/queries.xml, line 533 and change: ...count2="SELECT COUNT(*) FROM (SELECT DISTINCT %s FROM %s) AS value_table"/> to: ...count2="SELECT COUNT(DISTINCT %s) FROM %s"/> Please, also try with multiple column names (e.g. --dump for a table with multiple column names) Kind regards, Miroslav Stampar On Wed, Jan 25, 2012 at 1:56 AM, Brian Poole <po...@gm...> wrote: > Hello, > > Recently I've run into an issue with sqlmap and a pre-12.5.1 Sybase DB. It > seems pre-12.5.1 Sybase DBs do not support derived tables (e.g., SELECT * > FROM (SELECT example from table) as name). sqlmap uses these when > enumerating the table so it quickly runs into syntax errors. The feature > announcement for derived tables in 12.5.1 is below: > > > http://manuals.sybase.com/onlinebooks/group-as/asg1251e/whatsnew/@ebt-link;pt=584?target=%25N%14_1010_START_RESTART_N%25 > > I took a quick look and some of the basic queries can be rewritten, e.g.: > > AND ASCII(SUBSTRING((SELECT > ISNULL(CONVERT(NVARCHAR(4000),COUNT(*)),CHAR(32)) FROM (SELECT DISTINCT > mmlP.name FROM (SELECT name FROM master..sysdatabases) AS mmlP) AS > value_table),3,1)) > 1 > > to > > AND ASCII(SUBSTRING((SELECT ISNULL(CONVERT(NVARCHAR(4000),(SELECT > COUNT(DISTINCT name) FROM master..sysdatabases)),CHAR(32)) ),3,1)) > 1 > > However I'm unclear if this would work in all cases (and if so, how it > could be done cleanly.) Thoughts? > > Brian > > > ------------------------------------------------------------------------------ > Keep Your Developer Skills Current with LearnDevNow! > The most comprehensive online learning library for Microsoft developers > is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, > Metro Style Apps, more. Free future releases when you subscribe now! > http://p.sf.net/sfu/learndevnow-d2d > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |