Re: [sqlmap-users] enumerate tables in mysql < 5
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] enumerate tables in mysql < 5
|
From: Miroslav S. <mir...@gm...> - 2010-07-16 08:19:20
|
Hi. The easiest way should be to: 1) Generate and/or preload table names from some user defined file 2) Iterate through all of them and try to inject something like this: ... SELECT 1 FROM <table_name_for_existence_check> In case of an non existent table there will be an error returned, otherwise valid page. Sqlmap works by recognizing just that kind of page validity. Kind regards. On Thu, Jul 15, 2010 at 6:28 PM, Mauricio Velazco <mau...@gm...> wrote: > Hey. thanks for the reply. > > Besides knowing that sqlmap cant do it, my question was focused and > how this process would be done. > I mean, the algorithm. > > Maybe i can help in the development :). > > Regards, > > Mauricio > > 2010/7/15 Miroslav Stampar <mir...@gm...>: >> Hi. >> >> This is already on our TODO list and we hope that we'll add it with >> the next release. >> >> Kind regards. >> >> On Sun, Jul 11, 2010 at 2:57 AM, Mauricio Velazco >> <mau...@gm...> wrote: >>> Hey all. >>> I was testing a local site running mysql 4. In this version there is >>> no information_schema database so sqlmap cant enumerate table names. >>> >>> [19:51:16] [ERROR] information_schema not available, back-end DBMS is >>> MySQL < 5.0 >>> >>> I have been trying things locally and it seems that table names can be >>> bruteforced but since there is no schema we would have to create an >>> especific dictionary and try thins like >>> >>> Any other ideas on how to enumerable tables in mysql < 5 ? >>> >>> Regards, >>> >>> Mauricio >>> >>> ------------------------------------------------------------------------------ >>> This SF.net email is sponsored by Sprint >>> What will you do first with EVO, the first 4G phone? >>> Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first >>> _______________________________________________ >>> sqlmap-users mailing list >>> sql...@li... >>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>> >> >> >> >> -- >> Miroslav Stampar >> >> E-mail / Jabber: miroslav.stampar (at) gmail.com >> Mobile: +385921010204 (HR 0921010204) >> PGP Key ID: 0xB5397B1B >> > > ------------------------------------------------------------------------------ > This SF.net email is sponsored by Sprint > What will you do first with EVO, the first 4G phone? > Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B |
