Re: [sqlmap-users] sqlmap 0.8 table enumeration
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] sqlmap 0.8 table enumeration
|
From: Miroslav S. <mir...@gm...> - 2010-12-08 22:02:38
|
Hi Gavin. In your case most probably 'information_schema' is missing needed for a successful out-of-box table enumeration on MySQL>=5. Please, update to the latest revision from our SVN repository and try it again. Now, when information_schema is missing we offer an automatic brute force checking of common table existence: svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev KR On Wed, Dec 8, 2010 at 10:56 PM, Gavin Jones <gav...@gm...> wrote: > Hi There, > > I was able to find a SQL injection issue on one of the parameters of > the application that I am looking at and using sqlmap 0.8 I was able > to extract some information using from the MySQL back end such as the > banner and the user information shown below: > > banner: '5.1.50' > current user: 'dbadmin@localhost' > current user is DBA: 'False' > > However when I tried to enumerate the tables in the DB sqlmap seemed > to ignore the version returned by the banner that is cached in its > session file and insisted that it was a MySQL 4 DBMS and then > subsequently failed to enumerate the tables .... > > Should it be ignoring the version string returned by the banner to > make these queries? > > Regards, > Gavin > > ------------------------------------------------------------------------------ > This SF Dev2Dev email is sponsored by: > > WikiLeaks The End of the Free Internet > http://p.sf.net/sfu/therealnews-com > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
