Re: [sqlmap-users] "union all select" vs. "union select"
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] "union all select" vs. "union select"
|
From: Miroslav S. <mir...@gm...> - 2012-02-22 09:30:15
|
Hi buawig. As UNION ALL SELECT is usable only when joining two datasets (like in FULL inband/union injection) with the latest commit (r4776), UNION SELECT is used automatically in partial inband/union injection (solving your problem and maybe some other related) (e.g. id=-1 UNION SELECT ....) as there is no need for UNION ALL SELECT there (first dataset is dropped by that negative and/or random value). Kind regards, Miroslav Stampar p.s. more info about the difference between the two: http://blog.sqlauthority.com/2007/03/10/sql-server-union-vs-union-all-which-is-better-for-performance/ On Tue, Feb 21, 2012 at 9:12 PM, <bu...@gm...> wrote: > Hi, > > recently I had a union based sqli vulnerability that sqlmap was not able > to detect (I'm not sure if I used --level=4 but I think so). > > After having a look at sqlmap's requests by routing them through a proxy > I saw that the only difference between my manual tests and sqlmap's was > that sqlmap used "union all select" and I used "union select" > and it was only detectable/exploitable using "union select". > > My quick and dirty 'fix' was to do a automatic on-the-fly search and > replace of sqlmap's traffic with burp (replacing "union all select" with > "union select"), but I wanted to share this case with you and I thought > you might want to add some "union select" testcases if there are none. > (I'm sorry I don't remember the DBMS in question - it probably was mssql > but I'm not sure anymore.) > > kind regards, > buawig > > > ------------------------------------------------------------------------------ > Keep Your Developer Skills Current with LearnDevNow! > The most comprehensive online learning library for Microsoft developers > is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, > Metro Style Apps, more. Free future releases when you subscribe now! > http://p.sf.net/sfu/learndevnow-d2d > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar http://about.me/stamparm |
