[sqlmap-users] Subquery payloads on mysql <4.1
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] Subquery payloads on mysql <4.1
|
From: Till .c. <ti...@ho...> - 2011-07-12 11:01:13
|
Hi Lately I've been playing with sqlmap and a 4.0 mysql server. Sqlmap detected the injection point just fine, but struggled with gathering information about other tables. I guess this happened due to the fact as subqueries have been introduced with mysql >=4.1 (http://dev.mysql.com/doc/refman/4.1/en/news-4-1-x.html) and thus payloads like the following are regarded as an invalid query on mysql <4.1: [PAYLOAD] 1234 AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),CHAR(32)) FROM randomtable),1,1)) > 51 Best Regards Till |
