[sqlmap-users] Fw: Which get was the right
Brought to you by:
inquisb
From: Beatriz D. <bea...@ya...> - 2010-01-21 06:36:52
|
For example, you run: sqlmap -u http://XXX.XXX.XXX.XXX/something/?departamento=0 -v 5 --sql-query "SELECT CURRENT_USER()" After the execution you find the current user: [00:11:15] [INFO] retrieved: usqli@localhost [00:11:15] [DEBUG] performed 112 queries in 87 seconds SELECT CURRENT_USER(): 'usqli@localhost' But the results say that 112 queries were tried, like: something/?departamento=0%20AND%20ORD%28MID%28%28IFNULL%28CAST%28CURRENT_USER%28%29%20AS%20CHAR%2810000%29%29%2C%20CHAR%2832%29%29%29%2C%2016%2C%201%29%29%20%3E%201%20AND%20316=316 HTTP/1.1 How can I know which one of the 112 got the result? ________________________________ From:Ignacio Hernández [mailto:nac...@gm...] Sent: Miércoles, 20 de Enero de 2010 06:10 p.m. To: Duran, Beatriz Subject: Re: [sqlmap-users] Which get was the right HI Beatriz When you run sqlmap against a target and one of the tests succeeds, sqlmap tells you that. It tells you the quotes (single or doubles) and the nomber of parenthesis needed to inject sql code. On lasts versions of sqlmap it does the tests just one time and stores the data to a file telling you where this file is each time you start sqlmap against the same target, for example: [00:59:06] [INFO] using '/home/nacho/sqlmap/output/www.target.com/session' as session file You can open that file and see there what test worked. Sorry about my english im spanish :) 2010/1/20 Duran, Beatriz Hi, after you ran sqlmap to get for example, the list of tables; it gives you the query applied but how could you know which test was the one that worked? Thanks, ------------------------------------------------------------------------------ Throughout its 18-year history, RSA Conference consistently attracts the world's best and brightest in the field, creating opportunities for Conference attendees to learn about information security's most important issues through interactions with peers, luminaries and emerging and established companies. http://p.sf.net/sfu/rsaconf-dev2dev _______________________________________________ sqlmap-users mailing list sql...@li... https://lists.sourceforge.net/lists/listinfo/sqlmap-users KPMG esta comprometido con la responsabilidad ambiental. Por favor, considere el medio ambiente antes de imprimir este e-mail. The information in this e-mail is confidential and may be legally privileged. It is intended solely for the addressee. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. KPMG cannot guarantee that e-mail communications are secure or error-free, as information could be intercepted, corrupted, amended, lost, destroyed, arrive late or incomplete, or contain viruses. The opinions or professional criteria provided by our Firm are issued formally through a document drafted in the Firm's letterhead and signed by the partner or director responsible for the service; consequently, the contents and/or documentation relating to this communication may include opinions, recommendations or other information that should not be used as basis or grounds for influencing any decisions. Furthermore, there can be no guarantee that the information contained in this e-mail is accurate as of the date it is received or that it will continue to be accurate in the future. In this sense, the Firm assumes no responsibility, civil or otherwise for information included herein or for any potential errors or inaccuracies this document may contain. KPMG Cardenas Dosal, S .C. is a Mexican partnership and the Mexican member firm of the KPMG network of independent firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. KPMG International Cooperative (KPMG International) is a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International Cooperative or any other member firm vis-à-vis third parties, nor does KPMG International Cooperative have any such authority to obligate or bind any member firm in any manner whatsoever. Each member firm is a legally distinct and separate entity. |