Re: [sqlmap-users] --sql-query: only single field outputs allowed?
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] --sql-query: only single field outputs allowed?
|
From: Miroslav S. <mir...@gm...> - 2011-01-17 00:25:34
|
hi buawig. we've done some heavy development in other parts and haven't updated --sql-shell accordingly. i can only say that we'll try to do our best and update it in couple of weeks (not a trivial one as now it's only supported by the part of sqlmap with blind based injections). kr On Mon, Jan 17, 2011 at 1:14 AM, <bu...@gm...> wrote: > Hi there, > > testcases: > > #1 > =========== > --sql-query="select username from insecure.user" > > output: > select username from insecure.user: 'admin' > > #2 > =========== > --sql-query="select password from insecure.user" > > output: > select password from insecure.user: 'foobar' > > #3 > =========== > --sql-query="select * from insecure.user" > > output: > select * from insecure.user: 'None' > > #4 > =========== > --sql-query="select username,password from insecure.user" > > output: > select username,password from insecure.user: 'None' > > > Question: Why is the output of #3 and #4 'None'? > (the table has only a single row) > > > > ------------------------------------------------------------------------------ > Protect Your Site and Customers from Malware Attacks > Learn about various malware tactics and how to avoid them. Understand > malware threats, the impact they can have on your business, and how you > can protect your company and customers by using code signing. > http://p.sf.net/sfu/oracle-sfdevnl > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
