Re: [sqlmap-users] UNION injectable -> sqlmap stops to work
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] UNION injectable -> sqlmap stops to work
|
From: Miroslav S. <mir...@gm...> - 2011-02-26 15:59:30
|
hi insane. "I tried some different targets and i also tried to use sqlmap without proxychains, but in all cases i got the same result. Is it a bug or am i making a mistake?" so, as i've understood, sqlmap works without proxychains but not with it in last couple of revisions? and you've tested with few different targets? could you please try to see what is the latest payload (that sqlmap stucks) - you can see payloads with usage of -v 3. also, could you please try to use that payload manually in web browser and see if everything works from there? i know that this would be a pain in the ass for you but it would be most helpful if you could revert few revisions back and report which revision got broke kr On Sat, Feb 26, 2011 at 5:16 AM, -insane- <in...@gm...> wrote: > Hey, > > i've been using sqlmap and proxychains together for months and it > allways worked fine for me. > Today i updated to the latest revision (3369) and i tried to find and > use UNION injections. > In the past it was no problem, but with the latest revision i got one. > After sqlmap reports the following: > "target url appears to be UNION injectable with 22 columns" > it connects to the target one last time and afterwards it stops to work. > I tried some different targets and i also tried to use sqlmap without > proxychains, but in all cases i got the same result. > Is it a bug or am i making a mistake? > > The end of my output: > [03:12:04] [INFO] testing 'MySQL UNION query (NULL) - 21 to 22 columns' > |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK > |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK > |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK > |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK > |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK > |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK > [03:12:43] [INFO] target url appears to be UNION injectable with 22 columns > |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK > ^C[04:07:55] [WARNING] Ctrl+C detected in detection phase > > My very simple cmd: > proxychains sqlmap -u "http://www.xxx.com/index.php?id=1&type=0" --dbms > mysql -p id --union-cols 21-22 > > Content of /usr/bin/sqlmap: > #!/bin/sh > python2.6 /path2sqlmap/sqlmap-dev/sqlmap.py $@ > > ------------------------------------------------------------------------------ > Free Software Download: Index, Search & Analyze Logs and other IT data in > Real-Time with Splunk. Collect, index and harness all the fast moving IT data > generated by your applications, servers and devices whether physical, virtual > or in the cloud. Deliver compliance at lower cost and gain new business > insights. http://p.sf.net/sfu/splunk-dev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
