[sqlmap-users] strange bheviour with MySQL on Ubuntu
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] strange bheviour with MySQL on Ubuntu
|
From: jebe8668 <jeb...@gm...> - 2009-04-01 10:20:22
|
Hi all, testing sqlmap-0.64 on an Ubuntu box, with: apache 2 2.2.4-3ubuntu0.2 mysql 5.0.45-Debian_1ubuntu3.4-log php5.2.3-1ubuntu6.5 exploitable php: $query = "SELECT c2 FROM cms WHERE c1=".$_GET['id']; I can do union inj by hand, but sqlmap returns: GET parameter 'id' is unescaped numeric injectable with 0 parenthesis but dies on error: [ERROR] sqlmap was not able to fingerprint the back-end database management system. Support for this DBMS will be implemented if you ask, just drop us an email if I add option --dbms MySQL I get [12:19:06] [INFO] testing MySQL [12:19:06] [WARNING] the back-end DMBS is not MySQL [12:19:06] [ERROR] sqlmap was not able to fingerprint the back-end database management system. Support for this DBMS will be implemented if you ask, just drop us an email what's going on ? Note that I have succesfully used sqlmap against an oracle10 dbms with php5 in front... cheers |
