Re: [sqlmap-users] SQL Query To Retrieve MySQL Server IP Address

[Miroslav S. <mir...@gm...>]

That proposed solution is equivalent to the SELECT @@hostname (except that
last one doesn't need that non-query SHOW statement). Only thing is that
you'll get a same result as in --hostname which is not an IP address that
your require. Have to seek what can be used here.

Kind regards

On Wed, Nov 28, 2012 at 9:39 AM, Leon Jacobs <leo...@gm...> wrote:

> On Wed, Nov 28, 2012 at 10:31 AM, Zaki Akhmad <zak...@gm...>wrote:
>
>> Hello,
>>
>> I found SQL injection vulnerability. I want to know the database
>> server IP address. From the fingerprint result, the database server is
>> MySQL. How should I write the --sql-query so that I could retrieve the
>> MySQL database server IP address? It's n-tier web appliction.
>>
>> $ python sqlmap.py -u something --sql-query=""
>>
>> Just an idea: maybe it's possible to add a built-in sql query function
>> to retrieve database server IP address whatever the databases is used
>> (or I am the one who didn't know it?)
>>
>> Thanks,
>>
>
> If its MySQL and according to [1], try:
>
> $ python sqlmap.py -u something --sql-query="show variables where
> Variable_name = 'hostname'"
>
> I am not 100% sure about the required permissions/escaping that might be
> needed to achieve this via your injection point though...
>
> --
> Regards
> Leon Jacobs
>
> Sent using electronic mail ツ
>
> [1] http://dev.mysql.com/doc/refman/5.1/en/show-variables.html
>
>
> ------------------------------------------------------------------------------
> Keep yourself connected to Go Parallel:
> INSIGHTS What's next for parallel hardware, programming and related areas?
> Interviews and blogs by thought leaders keep you ahead of the curve.
> http://goparallel.sourceforge.net
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
Miroslav Stampar
http://about.me/stamparm