[sqlmap-users] problem detecting the union count
Brought to you by:
inquisb
From: Adi M. <adi...@ya...> - 2009-10-13 04:02:34
|
Hello, Sqlmap fails to detect the no. of columns to use in a union. My guess is that this happens because the input variable is used in a second query, which echoes an error back in the html output. Thus I think sqlmap tries something like Union 12345 # , sees the 12345 echoed back and stops. Is this the behaviour? Then I tried to modify the log file like this: [http://www.xxxx.com:80/podcast-detail.php][None][None][Match ratio][0.9] [http://www.xxxxx.com:80/podcast-detail.php][GET][id=3][Injection point][GET] [http://www.xxxx.com:80/podcast-detail.php][GET][id=3][Injection parameter][id] [http://www.xxxx.com:80/podcast-detail.php][GET][id=3][Injection type][numeric] [http://www.xxx.com:80/podcast-detail.php][GET][id=3][Parenthesis][0] [http://www.xxxxx.com:80/podcast-detail.php][GET][id=3][SELECT 12345,222,333,444,555 FROM information_schema.TABLES LIMIT 0, 1][12345] [http://www.xxxx.com:80/podcast-detail.php][GET][id=3][DBMS][MySQL 5] [http://www.xxx.com:80/podcast-detail.php][GET][id=3][Union comment][#] [http://www.xxxxx.com:80/podcast-detail.php][GET][id=3][Union count][5] As you can see there are 5 columns in the query and the output should be in the first column. Did i modified it correctly? And also when I try to resume from this file with -s option it goes back to the old behaviour, which uses 1 column for unin, not 5 as I have tried to tell it to do. Thank you! |