Re: [sqlmap-users] Bug
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Bug
|
From: Bernardo D. A. G. <ber...@gm...> - 2010-04-09 15:51:26
|
Fixed wherever possible and committed. Thanks for reporting. Bernardo On Fri, Apr 2, 2010 at 09:36, Daliev Ilya <da...@ya...> wrote: > Hello SQLMAP users. > > Version: sqlmap/0.8-rc7 > When using partial (single row) inband sql injection with mssql sqlmap uses > construction like this > > field1=field1_value union all select top 1 some_field from some_table where > some_field not in (select top N some_field from some_table) > > Microsoft says that unordered result set with top clause are nondeterministic. > Even more, results obtained with different N are the same. May be it's better > to use skip/limit clause or something like this > > field1=field1_value union all select top 1 some_field from some_table where > some_field not in (select top N some_field from some_table order by 1) and > some_field in (select top N+1 some_field from some_table order by 1) > > > Regards, Daliev Ilya > > ------------------------------------------------------------------------------ > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: 0x05F5A30F |
