Re: [sqlmap-users] Trouble in enumerating the tables
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Trouble in enumerating the tables
|
From: Andres R. <and...@gm...> - 2008-10-21 13:52:03
|
Bernardo, On Tue, Oct 21, 2008 at 6:34 AM, Bernardo Damele A. G. <ber...@gm...> wrote: > Hi, > > On Tue, Oct 21, 2008 at 08:09, v4d25f7gb2e7 tgb4sr02be24 > <ve7...@gm...> wrote: >> ... >> C:\My Documents\sqlmap-0.6.1_exe>sqlmap -v 2 --eta -u "http://192.168.0.31/sqlte >> st.php?id=1" -s c:\resume.log -D database1 --tables >> >> sqlmap/0.6.1 coded by Bernardo Damele A. G. <ber...@gm...> >> and Daniele Bellucci <dan...@gm...> >> >> [*] starting at: 15:54:37 >> >> [15:54:37] [INFO] resuming injection point 'GET' from session file >> [15:54:37] [INFO] resuming injection parameter 'id' from session file >> [15:54:37] [INFO] resuming injection type 'numeric' from session file >> [15:54:37] [INFO] resuming 0 number of parenthesis from session file >> [15:54:37] [INFO] resuming back-end DBMS 'PostgreSQL' from session file >> [15:54:37] [INFO] testing connection to the target url >> back-end DBMS: PostgreSQL >> >> [15:54:38] [INFO] fetching tables for database 'database1' >> [15:54:38] [INFO] fetching number of tables for database 'database1' >> [15:54:38] [INFO] query: SELECT COALESCE(CAST(COUNT(tablename) AS CHARACTER(1000 >> 0)), (CHR(32))) FROM pg_tables WHERE schemaname=(CHR(100)||CHR(97)||CHR(116)||CH >> R(97)||CHR(98)||CHR(97)||CHR(115)||CHR(101)||CHR(49)) >> [15:54:38] [INFO] retrieved: 0 >> [15:54:40] [INFO] performed 13 queries in 1 seconds >> [15:54:40] [WARNING] unable to retrieve the number of tables for database 'datab >> ase1' >> [15:54:40] [ERROR] unable to retrieve the tables for any database > > As you can read from sqlmap documentation online[1] or on the doc/ folder: > > "Note that on PostgreSQL you have to provide public or the name of a > system database because it is not possible to enumerate other > databases tables, only the users' schema that the web application's > user is connected to, which is always public." > > So on PostgreSQL if you want to retrieve the tables for the current > database provide 'public' as DB name. > > On others DBMS it works. Refer to sqlmap documentation examples. Maybe you could define that as a default for postgresql? Something like... $ ./sqlmap ... --enumerate-tables ... fingerprinted as postgresql ... you didn't specified the table name, using "public" as default. ... working... results: $ > [1] http://sqlmap.sourceforge.net/doc/README.html#ss5.4 > > Cheers, > -- > Bernardo Damele A. G. > > E-mail / Jabber: bernardo.damele (at) gmail.com > Mobiles: +39-3493821385 (IT), +44-(0)7788962949 (UK) > PGP Key ID: 0x05F5A30F > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's challenge > Build the coolest Linux based applications with Moblin SDK & win great prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Andres Riancho http://w3af.sourceforge.net/ Web Application Attack and Audit Framework |
