Re: [sqlmap-users] Error with Sqlite
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Error with Sqlite
|
From: Miroslav S. <mir...@gm...> - 2013-04-01 20:20:35
|
Hi. Problem found and "patched". Please update to the latest revision and retry it again (preferably with --flush-session or at least --fresh-queries). Kind regards, Miroslav Stampar On Mon, Apr 1, 2013 at 7:57 PM, Gerardo Iglesias Galvan <igl...@gm... > wrote: > When trying to enumerate columns names from a table (-T tablename > --columns) sqlmap successfully retrieves the schema from sqlite_master, > however it fails on identifying the columns names. I get the next output: > > > **************************************************************************** > > [11:57:54] [INFO] resuming back-end DBMS 'sqlite' > [11:57:54] [INFO] testing connection to the target url > sqlmap identified the following injection points with a total of 0 HTTP(s) > requests: > --- > Place: POST > Parameter: SSLVPNUser.UserName > Type: boolean-based blind > Title: OR boolean-based blind - WHERE or HAVING clause > Payload: thispage=[redacted]&SSLVPNUser.UserName=-8559' OR (8414=8414) > AND > 'NdYt'='NdYt&SSLVPNUser.Password=[redacted]&button.login.routerStatus=Log > In&Login.userAgent=Mozilla/5.0 (X11%3B Ubuntu%3B Linux x86_64%3B rv:19.0) > Gecko/20100101 Firefox/19.0 > --- > [11:57:55] [INFO] the back-end DBMS is SQLite > [11:57:55] [INFO] fetching banner > [11:57:56] [INFO] resumed: 3.3.17 > back-end DBMS: SQLite > banner: '3.3.17' > [11:57:56] [INFO] fetching columns for table 'dbUpdateRegisterTbl' in > database 'SQLite_masterdb' > [11:57:56] [WARNING] running in a single-thread mode. Please consider > usage of option '--threads' for faster data retrieval > [11:57:56] [INFO] retrieved: CREATE TABLE dbUpdateRegisterTbl ' > compName text NOT NULL, stopIfError integer NOT NULL, waitForMe > integer NOT NULL, tableName text NOT NULL, rowIndex integer, > onUpdate integer NOT NULL, onAdd integer NOT NULL, onDelete > integer NOT NULL ) > Database: SQLite_masterdb > Table: dbUpdateRegisterTbl > [0 columns] > +--------+ > | Column | > +--------+ > +--------+ > > [12:35:19] [INFO] fetched data logged to text files under '[redacted]' > > > **************************************************************************** > > The same happens with every table in the DB. > > Is this some bug in sqlmap or something exceptional with the DB. > > > ------------------------------------------------------------------------------ > Own the Future-Intel® Level Up Game Demo Contest 2013 > Rise to greatness in Intel's independent game demo contest. > Compete for recognition, cash, and the chance to get your game > on Steam. $5K grand prize plus 10 genre and skill prizes. > Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
