Re: [sqlmap-users] 32 results from database with 10, 000 rows! (id 90-99, 990-999, 9990-9999)
From: Miroslav S. <mir...@gm...> - 2011-04-25 09:08:08
Hi Tom.

I believe I see the connection with our code. Those number ranges have their root in the program's logic. Will be fixed in a week. After that hackers will be able to dump all :)

It's just strange that nobody has noticed this in some two weeks, as that's the time of the affecting commit.

Kr

On Sunday, April 24, 2011, Tom Thumb <k1...@li...> wrote:
> When trying to dump a table containing over 10000 entries, only 32 results are returned (rows with id 8, 9, 90-99, 990-999, 9990-9999). All the other data is not dumped, and I can't understand why.
> Can anyone explain this behaviour?
> Obviously I'm pleased that my database does not appear to be completely exploitable, but I'm worried that I'm missing something simple, and that there is something a hacker could do to retrieve the rest of the data...
> Test subject is an MSSQL 2005 Database running on Windows 2003.

--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B