[sqlmap-users] sqlmap 0.8 table enumeration
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] sqlmap 0.8 table enumeration
|
From: Gavin J. <gav...@gm...> - 2010-12-08 21:56:20
|
Hi There, I was able to find a SQL injection issue on one of the parameters of the application that I am looking at and using sqlmap 0.8 I was able to extract some information using from the MySQL back end such as the banner and the user information shown below: banner: '5.1.50' current user: 'dbadmin@localhost' current user is DBA: 'False' However when I tried to enumerate the tables in the DB sqlmap seemed to ignore the version returned by the banner that is cached in its session file and insisted that it was a MySQL 4 DBMS and then subsequently failed to enumerate the tables .... Should it be ignoring the version string returned by the banner to make these queries? Regards, Gavin |
