Re: [sqlmap-users] Incompatibilities with old MySQL versions.
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Incompatibilities with old MySQL versions.
|
From: Miroslav S. <mir...@gm...> - 2010-10-24 22:06:40
|
Hi Anton. First of all thank you for your most useful report. We've done necessary changes in code regarding your observations and tested against MySQL v5 (all working fine). Also, we already have a "similar" ticket for this kind of things -> versioning of queries. That means that we'll soon add support for different queries depending on different DBMS versions (like in your case MySQL < v4.1 and after that). Kind regards. On Sat, Oct 23, 2010 at 5:35 PM, Anton Mogilin <aza...@ya...> wrote: > Hi. > > I tried to use sqlmap with MySQL 4.0.15 and found some incompatibilities. > > Once there were an error >> 1064 - You have an error in your SQL syntax. Check the manual that corresponds >> to your MySQL server version for the right syntax to use near >> '(10000)),42' at line 1 > Here is a line from xml/queries.xml: > <cast query="CAST(%s AS CHAR(10000))"/> > According to > http://dev.mysql.com/doc/refman/4.1/en/cast-functions.html#function_convert > the possibility to set max length of string is not available prior 4.1.1. > Replaced that line with > <cast query="CAST(%s AS CHAR)"/> > and the error disappeared. Looks like everything is OK with new MySQL versions > too. Though limiting length of resulting string can be useful... > > And one more: > <banner query="SELECT VERSION()"/> > Error is: >> 1064 - You have an error in your SQL syntax. Check the manual that corresponds >> to your MySQL server version for the right syntax to use near >> 'select version()),42' at line 1 > >From http://dev.mysql.com/doc/refman/4.1/en/subqueries.html : >> Starting with MySQL 4.1, all subquery forms and operations that the SQL >> standard requires are supported, as well as a few features that are >> MySQL-specific. >> With MySQL versions prior to 4.1, it was necessary to work around or avoid >> the use of subqueries. > But with > <banner query="VERSION()"/> > there is no error. And if I'm not wrong there should not be troubles with newer > versions of MySQL. > Also similar thing with "SELECT CURRENT_USER()" and "SELECT DATABASE()". > > May be this things could be fixed? I guess there will be troubles with another > functions with such old software but at least functions above can be done > working. > > > And I'd like to say thanks for keeping enhancing and fixing sqlmap... > > > > > ------------------------------------------------------------------------------ > Nokia and AT&T present the 2010 Calling All Innovators-North America contest > Create new apps & games for the Nokia N8 for consumers in U.S. and Canada > $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing > Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store > http://p.sf.net/sfu/nokia-dev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
