Re: [sqlmap-users] SQL Query To Retrieve MySQL Server IP Address

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

On Wed, Nov 28, 2012 at 10:31 AM, Zaki Akhmad <zak...@gm...> wrote:

> Hello,
>
> I found SQL injection vulnerability. I want to know the database
> server IP address. From the fingerprint result, the database server is
> MySQL. How should I write the --sql-query so that I could retrieve the
> MySQL database server IP address? It's n-tier web appliction.
>
> $ python sqlmap.py -u something --sql-query=""
>
> Just an idea: maybe it's possible to add a built-in sql query function
> to retrieve database server IP address whatever the databases is used
> (or I am the one who didn't know it?)
>
> Thanks,
>

If its MySQL and according to [1], try:

$ python sqlmap.py -u something --sql-query="show variables where
Variable_name = 'hostname'"

I am not 100% sure about the required permissions/escaping that might be
needed to achieve this via your injection point though...

-- 
Regards
Leon Jacobs

Sent using electronic mail ツ

[1] http://dev.mysql.com/doc/refman/5.1/en/show-variables.html