Re: [sqlmap-users] enumerate tables in mysql < 5
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] enumerate tables in mysql < 5
|
From: Mauricio V. <mau...@gm...> - 2010-07-16 19:35:45
|
Hey! Thats what i thought.... So it basically its a brute force trying differente table names and watching the result. Thanks, keep up the great work, Regards 2010/7/16 Miroslav Stampar <mir...@gm...>: > Hi. > > The easiest way should be to: > > 1) Generate and/or preload table names from some user defined file > 2) Iterate through all of them and try to inject something like this: > ... SELECT 1 FROM <table_name_for_existence_check> > > In case of an non existent table there will be an error returned, > otherwise valid page. Sqlmap works by recognizing just that kind of > page validity. > > Kind regards. > > On Thu, Jul 15, 2010 at 6:28 PM, Mauricio Velazco > <mau...@gm...> wrote: >> Hey. thanks for the reply. >> >> Besides knowing that sqlmap cant do it, my question was focused and >> how this process would be done. >> I mean, the algorithm. >> >> Maybe i can help in the development :). >> >> Regards, >> >> Mauricio >> >> 2010/7/15 Miroslav Stampar <mir...@gm...>: >>> Hi. >>> >>> This is already on our TODO list and we hope that we'll add it with >>> the next release. >>> >>> Kind regards. >>> >>> On Sun, Jul 11, 2010 at 2:57 AM, Mauricio Velazco >>> <mau...@gm...> wrote: >>>> Hey all. >>>> I was testing a local site running mysql 4. In this version there is >>>> no information_schema database so sqlmap cant enumerate table names. >>>> >>>> [19:51:16] [ERROR] information_schema not available, back-end DBMS is >>>> MySQL < 5.0 >>>> >>>> I have been trying things locally and it seems that table names can be >>>> bruteforced but since there is no schema we would have to create an >>>> especific dictionary and try thins like >>>> >>>> Any other ideas on how to enumerable tables in mysql < 5 ? >>>> >>>> Regards, >>>> >>>> Mauricio >>>> >>>> ------------------------------------------------------------------------------ >>>> This SF.net email is sponsored by Sprint >>>> What will you do first with EVO, the first 4G phone? >>>> Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first >>>> _______________________________________________ >>>> sqlmap-users mailing list >>>> sql...@li... >>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>>> >>> >>> >>> >>> -- >>> Miroslav Stampar >>> >>> E-mail / Jabber: miroslav.stampar (at) gmail.com >>> Mobile: +385921010204 (HR 0921010204) >>> PGP Key ID: 0xB5397B1B >>> >> >> ------------------------------------------------------------------------------ >> This SF.net email is sponsored by Sprint >> What will you do first with EVO, the first 4G phone? >> Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> > > > > -- > Miroslav Stampar > > E-mail / Jabber: miroslav.stampar (at) gmail.com > Mobile: +385921010204 (HR 0921010204) > PGP Key ID: 0xB5397B1B > |