Re: [sqlmap-users] Question about Stacked Queries
From: Miroslav S. <mir...@gm...> - 2012-10-11 12:37:13
Hi Daniel.

If sqlmap is not able to detect stacked queries (like in your case), then it won't be able to use/exploit those commands from --sql-shell. Pretty simple. Just take a look into your list of "sqlmap identified the following injection points..." for that same target and if there are things like "boolean"/"time-based blind"... and no "stacked" then you have no luck.

As you've said "stacked queries could be executed". If you want to be sure you can try to re-test the target with higher --time-sec. For example, python sqlmap.py -u .... --flush-session --time-sec=20. If that fails then you won't be able to use stacked queries as you've expected.

Kind regards,
Miroslav Stampar

On Wed, Oct 10, 2012 at 4:52 PM, Daniel Calvo Castro <dan...@ke...> wrote:

> Hi Miroslav, Bernardo, list members,
>
> As far as I know (please correct me if I'm wrong), reading a couple of
> times Bernardo Damele's Advanced SQL Injection whitepaper, stacked
> queries could be executed via Blind and MySQL with ASP.NET, but sqlmap
> shows me via sql-shell:
>
> web server operating system: Windows 2008
> web application technology: ASP.NET, Microsoft IIS 7.5, ASP
> back-end DBMS: MySQL 5
> sql-shell> create database test2;create database test3;drop table test;
> [16:10:32] [WARNING] execution of custom SQL queries is only available
> when stacked queries are supported
>
> current-user of mysql is root with full privileges, the goal is to
> create a temporary table via stacked queries also well described in
> that great document, could someone point me in the right way?
>
> Thanks in advance

--
Miroslav Stampar
http://about.me/stamparm