Re: [sqlmap-users] PostgreSQL: substr('string', 1, 1) vs. substring('string' from 1 for 1)
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] PostgreSQL: substr('string', 1, 1) vs. substring('string' from 1 for 1)
|
From: Miroslav S. <mir...@gm...> - 2013-04-25 08:17:26
|
Hi Buawig. It was probably a problem with comma processing (e.g. some kind of field splitting) Nevertheless, went through PgSQL manuals and spotted no difference in both functionality and compatibility. Replace with the latest commit [1] Kind regards, Miroslav Stampar [1] https://github.com/sqlmapproject/sqlmap/commit/ff62b0d3eaee311c786cd5b9ad5b1cbf1d28c3a3 On Wed, Apr 24, 2013 at 9:24 PM, buawig <bu...@gm...> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Hi, > > on a recent blind SQLi (PostgreSQL 8.4) I had problems using sqlmap to > extract data. > > After having a deeper look at it I noticed that the DB did like the > function substr() (I can not entirely exclude it but I do not think > that this problem was introduced by some kind of weird anti sqli > filtering). > To work around that issue I replaced the substr() function in > > xml/queries.xml > > with substring( .. from N for 1) and everything worked fine. > > I thought you might want to add that possibility as a second option > (query2= ?) to automatically detect/workaround that issue? > -----BEGIN PGP SIGNATURE----- > > iQIcBAEBCgAGBQJReDF6AAoJEJeRHQyF0ukMOjQQAKIATbP/WL2LkgOdjVAZ5kG+ > Yafdgrp8Cn1oL2X9AdOZL/Xr2dh67GsbV6sgCc6uv35I8rqMtfs81FlqplvLD0h0 > 7sb/1RXTTrrbmMEZGaGyiZhqEdlr5DDooXM3fEmgkEoXgQ1Ht9sjz3PzNk2bWCUB > EIip1Jrp2EbZPAkNgfcXNcpq3ojSULkvEua0WawxR1voAI1YiWpYBAUI+LHheUVG > 3PGPb5MHjGEBs1m3Hhw/hSHtlR7YhPzsx+Mk99pJkcluardzEsyucLax3MevLI1i > KCWxDP0QT3MmVdBk89/ETOxhWbka1NeCDEv7gVBzYG3DHptD4PfSbsInUdJGQtZ8 > bd0GjJdi9Ie4Rl3KMNXPt3j2VLq1neuLsTm/r8xwDqdLfpSeZ5eTiy1W5/usAz+o > 4VDfHp7vZRMooL3PPi6Ie+l0mfY5KtFE2pcXF3EZ2DyUl9xB38v9tfgMZ8dXVa/Q > mpH5Zp5V82soa+Xdb+LLkzRTuhIJg0sScvINrPbDyzQOQiTaVZXjL++pa7sOeoYJ > Ag4+QIt+FvhIKog0zlc53qc7J/M3R2H3DH3G/2+FevxWTvR+m/NqsbWFujuYnu3j > pCyIc9+dScBnTgk1SjCsa7HdKBeuSOwVTJiE3FY6jLmfP2JwChKC/IgxxBM9AQOY > GcuFPtVicifZihtWaqwa > =VzEN > -----END PGP SIGNATURE----- > > > ------------------------------------------------------------------------------ > Try New Relic Now & We'll Send You this Cool Shirt > New Relic is the only SaaS-based application performance monitoring service > that delivers powerful full stack analytics. Optimize and monitor your > browser, app, & servers with just a few lines of code. Try New Relic > and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar http://about.me/stamparm |
