Re: [sqlmap-users] SQL MS-Access report bug
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] SQL MS-Access report bug
|
From: Carlos G. V. <car...@gm...> - 2010-11-05 18:17:33
|
I was working with access some time ago, and now that you mention, i was working on getting metadata for the db. As far as i know, there are some "system tables", equivalent to sysobjects (mssql) or information_schema (mysql). Take a look at this article: http://www.datanumen.com/aar/articles/system-object.htm If i can find my test scripts, i will attach some to the list. Best regards, 2010/11/4 Miroslav Stampar <mir...@gm...>: > hi Ulises. > > i am glad to see that someone has started using sqlmap against Access > databases :) > > we've done necessary patches to prevent sqlmap crash in this kind of > situations, but still, we don't have implemented dumping of tables for > MS Access (due to non existent way for column enumeration - if someone > has some idea non-brute force related, please say and we'll try to > implement it). also, support for this DBMS is still in (early) > development phase and we hope that we'll finish it in some reasonable > time. > > kr > > On Thu, Nov 4, 2010 at 8:05 PM, Ulises2k <uli...@gm...> wrote: >> >> [15:30:49] [INFO] using '/root/sqlmap-dev/output/xxxx/session' as session >> file >> [15:30:49] [INFO] resuming injection point 'GET' from session file >> [15:30:49] [INFO] resuming injection parameter 'Id' from session file >> [15:30:49] [INFO] resuming injection type 'numeric' from session file >> [15:30:49] [INFO] resuming match ratio '0.9' from session file >> [15:30:49] [INFO] resuming 0 number of parenthesis from session file >> [15:30:49] [INFO] resuming back-end DBMS 'microsoft access' from session >> file >> [15:30:49] [INFO] testing connection to the target url >> [15:30:50] [INFO] testing for parenthesis on injectable parameter >> [15:30:50] [INFO] the back-end DBMS is Microsoft Access >> web server operating system: Windows 2008 >> web application technology: ASP.NET, Microsoft IIS 7.5, ASP >> back-end DBMS: Microsoft Access >> [15:30:50] [ERROR] cannot retrieve table names, back-end DBMS is Access >> do you want to use common table existance check? [Y/n/q]Y >> [15:30:52] [INFO] checking tables existence using items from >> '/root/sqlmap-dev/txt/common-tables.txt' >> [15:32:06] [INFO] retrieved: >> notas >> [15:57:55] [INFO] tried: 1780/1780 items (100%) >> >> [15:57:55] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run >> with the latest development version from the Subversion repository. If the >> exception persists, please send by e-mail to >> sql...@li... the command line, the following text and >> any information needed to reproduce the bug. The developers will try to >> reproduce the bug, fix it accordingly and get back to you. >> sqlmap version: 0.9-dev (r2265) >> Python version: 2.5.2 >> Operating system: posix >> Traceback (most recent call last): >> File "./sqlmap.py", line 79, in main >> start() >> File "/root/sqlmap-dev/lib/controller/controller.py", line 298, in start >> action() >> File "/root/sqlmap-dev/lib/controller/action.py", line 117, in action >> conf.dbmsHandler.dumpAll() >> File "/root/sqlmap-dev/plugins/generic/enumeration.py", line 1263, in >> dumpAll >> for db, tables in kb.data.cachedTables.items(): >> AttributeError: 'list' object has no attribute 'items' >> >> >> ------------------------------------------------------------------------------ >> The Next 800 Companies to Lead America's Growth: New Video Whitepaper >> David G. Thomson, author of the best-selling book "Blueprint to a >> Billion" shares his insights and actions to help propel your >> business during the next growth cycle. Listen Now! >> http://p.sf.net/sfu/SAP-dev2dev >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > > -- > Miroslav Stampar > > E-mail / Jabber: miroslav.stampar (at) gmail.com > Mobile: +385921010204 (HR 0921010204) > PGP Key ID: 0xB5397B1B > Location: Zagreb, Croatia > > ------------------------------------------------------------------------------ > The Next 800 Companies to Lead America's Growth: New Video Whitepaper > David G. Thomson, author of the best-selling book "Blueprint to a > Billion" shares his insights and actions to help propel your > business during the next growth cycle. Listen Now! > http://p.sf.net/sfu/SAP-dev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- --------8<-------- Carlos Gabriel Vergara http://www.ThorSecurity.com.ar PGP: http://www.ThorSecurity.com.ar/gabrielvergara.pgp -------->8-------- |
