Re: [sqlmap-users] Subquery payloads on mysql <4.1
From: Miroslav S. <mir...@gm...> - 2011-07-12 21:23:13
ok, got the point. also seen the same thing on Twitter a few days ago, maybe it was you :)

two things:
A) does anyone have experience with subqueries on MySQL < 4.1?
B) is there some VM around that carries for example MySQL 3.x ready for testing?

kr

On Tue, Jul 12, 2011 at 1:01 PM, Till .ch <ti...@ho...> wrote:
> Hi
>
> Lately I've been playing with sqlmap and a 4.0 mysql server. Sqlmap detected
> the injection point just fine, but struggled with gathering information
> about other tables.
> I guess this happened due to the fact that subqueries have been introduced
> with mysql >=4.1 (http://dev.mysql.com/doc/refman/4.1/en/news-4-1-x.html)
> and thus payloads like the following are regarded as an invalid query on
> mysql <4.1:
>
> [PAYLOAD] 1234 AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),CHAR(32)) FROM randomtable),1,1)) > 51
>
> Best Regards
> Till

--
Miroslav Stampar (@stamparm)
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
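The version dependency discussed in this thread, as an added example that is not part of the original messages and is not sqlmap code: a heuristic check for whether a SQL fragment contains a nested SELECT and therefore needs MySQL 4.1 or later. The function names and the version banners in the test values are assumptions made for illustration.

```python
import re

# Subqueries were introduced in MySQL 4.1, per the release notes linked in the thread.
SUBQUERY_MIN_VERSION = (4, 1)

# Quoted strings and comments, blanked out so their contents are never scanned.
_LITERALS = re.compile(
    r"'(?:[^'\\]|\\.|'')*'"        # single-quoted string
    r'|"(?:[^"\\]|\\.|"")*"'       # double-quoted string
    r"|/\*.*?\*/|--[ \t][^\n]*|#[^\n]*",  # block and line comments
    re.S,
)

def parse_version(banner):
    """Turn a server banner such as '4.0.27-log' into (4, 0)."""
    m = re.match(r"\s*(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("unrecognised version banner: %r" % banner)
    return int(m.group(1)), int(m.group(2))

def uses_subquery(sql):
    """Heuristic: True if a SELECT opens inside a parenthesis as a nested query."""
    clean = _LITERALS.sub(" ", sql)
    for m in re.finditer(r"\(\s*SELECT\b", clean, flags=re.I):
        before = clean[:m.start()].rstrip()
        # A parenthesised SELECT at the start of the statement or directly
        # after UNION is a UNION branch, not a nested query.
        if before == "" or re.search(r"\bUNION(\s+(ALL|DISTINCT))?$", before, flags=re.I):
            continue
        return True
    return False

def runs_on(sql, banner):
    """False when the fragment needs subquery support the server lacks."""
    return not uses_subquery(sql) or parse_version(banner) >= SUBQUERY_MIN_VERSION

# The payload quoted in the thread; the banners used with it are constructed.
THREAD_PAYLOAD = ("1234 AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),CHAR(32)) "
                  "FROM randomtable),1,1)) > 51")

if __name__ == "__main__":
    for banner in ("3.23.58", "4.0.27-log", "4.1.22", "5.5.62"):
        print(banner, runs_on(THREAD_PAYLOAD, banner))
```

The check is textual, so it only says whether a nested SELECT is present; it does not validate the rest of the statement against a given server version.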