Re: [sqlmap-users] problem using --passwords option
Brought to you by:
inquisb
From: Bernardo D. A. G. <ber...@gm...> - 2009-10-05 08:20:02
|
It seems that the user 'fmcgman' has not access to read the 'mysql' system database. On Mon, Oct 5, 2009 at 06:59, Adi Mutu <adi...@ya...> wrote: > > This is the output I got: > > [08:54:02] [INFO] resuming match ratio '0.9' from session file > [08:54:02] [INFO] resuming injection point 'GET' from session file > [08:54:02] [INFO] resuming injection parameter 'id' from session file > [08:54:02] [INFO] resuming injection type 'numeric' from session file > [08:54:02] [INFO] resuming 0 number of parenthesis from session file > [08:54:02] [INFO] resuming back-end DBMS 'mysql 5' from session file > [08:54:02] [INFO] resuming union comment '#' from session file > [08:54:02] [INFO] resuming union count 9 from session file > [08:54:02] [INFO] resuming union position 4 from session file > [08:54:02] [INFO] testing connection to the target url > [08:54:02] [WARNING] the testable parameter 'id' you provided is not into > the Cookie > [08:54:02] [INFO] testing for parenthesis on injectable parameter > [08:54:02] [INFO] the back-end DBMS is MySQL > web server operating system: Linux Red Hat > web application technology: Apache 2.2.3, PHP 5.1.6 > back-end DBMS: MySQL 5 > [08:54:02] [INFO] fetching database users password hashes > [08:54:03] [WARNING] for some reasons it was not possible to retrieve the > query output through inband SQL injection technique, sqlmap is going bli > [08:54:03] [INFO] fetching database users > [08:54:03] [INFO] read from file 'logs/fmc.log': 'fmcgman'@'localhost' > [08:54:03] [INFO] fetching number of password hashes for user ''' > [08:54:03] [ERROR] Unenclosed ' in 'SELECT > IFNULL(CAST(COUNT(DISTINCT(password)) AS CHAR(10000)), CHAR(32)) FROM > mysql.user WHERE user=CHAR()'' > [*] shutting down at: 08:54:03 > > ------------------------------------------------------------------------------ > Come build with us! The BlackBerry® Developer Conference in SF, CA > is the only developer event you need to attend this year. Jumpstart your > developing skills, take BlackBerry mobile applications to market and stay > ahead of the curve. Join us from November 9-12, 2009. Register now! > http://p.sf.net/sfu/devconf > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: 0x05F5A30F |