Re: [sqlmap-users] UNION injectable -> sqlmap stops to work
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] UNION injectable -> sqlmap stops to work
|
From: Miroslav S. <mir...@gm...> - 2011-02-26 17:43:35
|
we've traced the problem. will try to deal with it in 6 hour approx. (now have to go out :) kr On Sat, Feb 26, 2011 at 5:16 AM, -insane- <in...@gm...> wrote: > Hey, > > i've been using sqlmap and proxychains together for months and it > allways worked fine for me. > Today i updated to the latest revision (3369) and i tried to find and > use UNION injections. > In the past it was no problem, but with the latest revision i got one. > After sqlmap reports the following: > "target url appears to be UNION injectable with 22 columns" > it connects to the target one last time and afterwards it stops to work. > I tried some different targets and i also tried to use sqlmap without > proxychains, but in all cases i got the same result. > Is it a bug or am i making a mistake? > > The end of my output: > [03:12:04] [INFO] testing 'MySQL UNION query (NULL) - 21 to 22 columns' > |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK > |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK > |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK > |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK > |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK > |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK > [03:12:43] [INFO] target url appears to be UNION injectable with 22 columns > |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK > ^C[04:07:55] [WARNING] Ctrl+C detected in detection phase > > My very simple cmd: > proxychains sqlmap -u "http://www.xxx.com/index.php?id=1&type=0" --dbms > mysql -p id --union-cols 21-22 > > Content of /usr/bin/sqlmap: > #!/bin/sh > python2.6 /path2sqlmap/sqlmap-dev/sqlmap.py $@ > > ------------------------------------------------------------------------------ > Free Software Download: Index, Search & Analyze Logs and other IT data in > Real-Time with Splunk. Collect, index and harness all the fast moving IT data > generated by your applications, servers and devices whether physical, virtual > or in the cloud. Deliver compliance at lower cost and gain new business > insights. http://p.sf.net/sfu/splunk-dev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
