Re: [sqlmap-users] MS Access: provide option to specify table name to detect union based sqli vuln
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] MS Access: provide option to specify table name to detect union based sqli vuln
|
From: buawig <bu...@gm...> - 2013-03-20 16:31:32
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 to simply get the job done I changed the table name in: lib/core/dicts.py:144 after changing MSysAccessObjects to foobar sqlmap detected the union based sqli but exploitation did not work because it created very long queries and the server replied with: "query to complex" at the end I had to use extract data using boolean based exploitation (which did work after finding a column name in the table that had unique values) -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJRSeO+AAoJEJeRHQyF0ukMsrkQALcJwXhjXRRyXzusdloIc9ZZ Ybradjx4dKQ00lZR5nkQv+49Xe3V53bwcP4di2KqiiIIo/5gGyoxYzNAREsF2TT3 FpctmbmE13hnKg16HjZDbpxcJzUN1CMCs3Gb5E0ibP9/RTTHOegOG3xcvceEAj1Y DI8YFnDSmQRa2JBenJM8InHve3ue7Ef9seowHm4mBs8bniEskw2sAtxosVZJwUS9 eRndYwB9jBke9pXx+MuectmajWmMf0cTXhu5q5nOIbbykGZf2DDjduujLMCm6bT4 +iavnZkW/fHc+cnw1nmiwPcI2vCHxSLZW2ZX5FzpXjM4agXM8+FTQzT8+7WUalfW QAAkZYjNWiOgpvFVUBsqgb1ozc/4O33y1oNfbg7SHbopgPOApvtvAxjBa5Igtwh9 SDTuGXbuovQYoJEOI3JwxTMPXZuUpgvQgszvqfr/JB2MweZk/B9TPPIRLvLwLM3u yRRtrrxij296XJ/MZBq5dWcj1Ij3mS1hTeO2GkxNcJnh/vcN4Vsic8OJmQrEGRKP Xmz1VT4eqZMh3dzg6d90RQb3oCdVJ0OdY3Duvf7pPMCfKPtk9SROxoqmc+K0bQSl CIKgTBcsC3SAmVYZljYk2JqMnorcVvv7bXbvcM2okllA4fmZq+oGf+r2oO80zorQ NKORqeE2OQ6bqNYJaDIR =VMtR -----END PGP SIGNATURE----- |
