Re: [sqlmap-users] working around 'Illegal mix of collations' with hex()

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi buawig.

With the latest commit (r4773) you can find a new switch --hex for doing
this kind of stuff. Currently, all 4 major DBMSes (MySQL, MSSQL, PgSQL,
Oracle) are supported for all techniques. Feel free to report any related
errors.

Kind regards,
Miroslav Stampar

On Tue, Feb 21, 2012 at 12:53 AM, <bu...@gm...> wrote:

> Hi,
>
> I'm using sqlmap mostly for exploiting a sqli/dumping contents.
>
> In the current case I've got a simple union based sqli in a MySQL 4.1.x DB.
>
> ..&x=foo union select 1,1,1,1 --
> (works)
>
> ..&x=foo union select 1,user(),1,1 --
> (doesn't work: Illegal mix of collation)
>
> to work around the collation issue I used hex() to manually extracting
> information:
> ..&x=foo union select 1,hex(user()),1,1 --
> (works)
>
> Usually I try to give sqlmap all the information it needs to quickly
> confirm a manually found sqli.
>
> sqlmap ....  --technique=U --union-char=1 --union-cols=4
>
> detects the sqli but when trying to actually extract information it runs
> into the mix of collations problem and suggests to use a the 'hidden'
> switch --no-cast, which doesn't solve the problem.
>
> Is there a way to tell sqlmap to use hex() to work around the collation
> issue?
>
> thanks
>
>
> ------------------------------------------------------------------------------
> Try before you buy = See our experts in action!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
> http://p.sf.net/sfu/learndevnow-dev2
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>

-- 
Miroslav Stampar
http://about.me/stamparm