Re: [sqlmap-users] problem detecting the union count
From: Adi M. <adi...@ya...> - 2009-10-13 04:33:02
back, It was my mistake, I was modifying the log file incorrectly. But now I have solved it by taking as a model another log file where sqlmap detected correctly. However there is another problem now. Although sqlmap detects correctly, when I run some commands it says:

[10:17:59] [INFO] fetching tables
[10:17:59] [WARNING] for some reasons it was not possible to retrieve the query output through inband SQL injection technique, sqlmap is going blind
[10:17:59] [INFO] fetching database names
[10:18:00] [WARNING] for some reasons it was not possible to retrieve the query output through inband SQL injection technique, sqlmap is going blind

________________________________
From: Adi Mutu <adi...@ya...>
To: sql...@li...
Sent: Tue, October 13, 2009 7:02:22 AM
Subject: [sqlmap-users] problem detecting the union count

Hello,

Sqlmap fails to detect the no. of columns to use in a union. My guess is that this happens because the input variable is used in a second query, which echoes an error back in the HTML output. Thus I think sqlmap tries something like Union 12345 # , sees the 12345 echoed back and stops. Is this the behaviour?

Then I tried to modify the log file like this:

[http://www.xxxx.com:80/podcast-detail.php][None][None][Match ratio][0.9]
[http://www.xxxxx.com:80/podcast-detail.php][GET][id=3][Injection point][GET]
[http://www.xxxx.com:80/podcast-detail.php][GET][id=3][Injection parameter][id]
[http://www.xxxx.com:80/podcast-detail.php][GET][id=3][Injection type][numeric]
[http://www.xxx.com:80/podcast-detail.php][GET][id=3][Parenthesis][0]
[http://www.xxxxx.com:80/podcast-detail.php][GET][id=3][SELECT 12345,222,333,444,555 FROM information_schema.TABLES LIMIT 0, 1][12345]
[http://www.xxxx.com:80/podcast-detail.php][GET][id=3][DBMS][MySQL 5]
[http://www.xxx.com:80/podcast-detail.php][GET][id=3][Union comment][#]
[http://www.xxxxx.com:80/podcast-detail.php][GET][id=3][Union count][5]

As you can see there are 5 columns in the query and the output should be in the first column. Did I modify it correctly? And also when I try to resume from this file with the -s option it goes back to the old behaviour, which uses 1 column for union, not 5 as I have tried to tell it to do.

Thank you!