Re: [sqlmap-users] Pre-12.5.1 Sybase compatibility
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Pre-12.5.1 Sybase compatibility
|
From: Miroslav S. <mir...@gm...> - 2012-01-27 14:58:04
|
Hi Brian. Minor update. As Sybase doesn't support LIMIT/OFFSET like structure (same thing as for MSSQL) we use a method called "pivoting" (one column is used as a "pivot" for retrieving other column values) for deriving row content from tables. Now, problem is that pivoting requires "derived" tables. Sorry, but this moment it has to stay as it is for proper dumping of Sybase tables in general. Kind regards, Miroslav Stampar On Fri, Jan 27, 2012 at 3:44 PM, Miroslav Stampar < mir...@gm...> wrote: > Hi Brian. > > Sorry for the late reply. > > You can try it yourself and report back. You can go to the > xml/queries.xml, line 533 and change: > ...count2="SELECT COUNT(*) FROM (SELECT DISTINCT %s FROM %s) AS > value_table"/> > to: > ...count2="SELECT COUNT(DISTINCT %s) FROM %s"/> > > Please, also try with multiple column names (e.g. --dump for a table with > multiple column names) > > Kind regards, > Miroslav Stampar > > On Wed, Jan 25, 2012 at 1:56 AM, Brian Poole <po...@gm...> wrote: > >> Hello, >> >> Recently I've run into an issue with sqlmap and a pre-12.5.1 Sybase DB. >> It seems pre-12.5.1 Sybase DBs do not support derived tables (e.g., SELECT >> * FROM (SELECT example from table) as name). sqlmap uses these when >> enumerating the table so it quickly runs into syntax errors. The feature >> announcement for derived tables in 12.5.1 is below: >> >> >> http://manuals.sybase.com/onlinebooks/group-as/asg1251e/whatsnew/@ebt-link;pt=584?target=%25N%14_1010_START_RESTART_N%25 >> >> I took a quick look and some of the basic queries can be rewritten, e.g.: >> >> AND ASCII(SUBSTRING((SELECT >> ISNULL(CONVERT(NVARCHAR(4000),COUNT(*)),CHAR(32)) FROM (SELECT DISTINCT >> mmlP.name FROM (SELECT name FROM master..sysdatabases) AS mmlP) AS >> value_table),3,1)) > 1 >> >> to >> >> AND ASCII(SUBSTRING((SELECT ISNULL(CONVERT(NVARCHAR(4000),(SELECT >> COUNT(DISTINCT name) FROM master..sysdatabases)),CHAR(32)) ),3,1)) > 1 >> >> However I'm unclear if this would work in all cases (and if so, how it >> could be done cleanly.) Thoughts? >> >> Brian >> >> >> ------------------------------------------------------------------------------ >> Keep Your Developer Skills Current with LearnDevNow! >> The most comprehensive online learning library for Microsoft developers >> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, >> Metro Style Apps, more. Free future releases when you subscribe now! >> http://p.sf.net/sfu/learndevnow-d2d >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > -- > Miroslav Stampar > http://about.me/stamparm > -- Miroslav Stampar http://about.me/stamparm |
