Re: [sqlmap-users] PostgreSQL: substr('string', 1, 1) vs. substring('string' from 1 for 1)
From: Miroslav S. <mir...@gm...> - 2013-04-25 08:18:17
p.s. typo: Replace -> Replaced
p.p.s. just update to have it up and running

On Thu, Apr 25, 2013 at 10:17 AM, Miroslav Stampar <mir...@gm...> wrote:

> Hi Buawig.
>
> It was probably a problem with comma processing (e.g. some kind of field
> splitting)
>
> Nevertheless, went through PgSQL manuals and spotted no difference in both
> functionality and compatibility.
>
> Replace with the latest commit [1]
>
> Kind regards,
> Miroslav Stampar
>
> [1]
> https://github.com/sqlmapproject/sqlmap/commit/ff62b0d3eaee311c786cd5b9ad5b1cbf1d28c3a3
>
> On Wed, Apr 24, 2013 at 9:24 PM, buawig <bu...@gm...> wrote:
>
>> Hi,
>>
>> on a recent blind SQLi (PostgreSQL 8.4) I had problems using sqlmap to
>> extract data.
>>
>> After having a deeper look at it I noticed that the DB did like the
>> function substr() (I can not entirely exclude it but I do not think
>> that this problem was introduced by some kind of weird anti sqli
>> filtering).
>> To work around that issue I replaced the substr() function in
>>
>> xml/queries.xml
>>
>> with substring( .. from N for 1) and everything worked fine.
>>
>> I thought you might want to add that possibility as a second option
>> (query2= ?) to automatically detect/workaround that issue?
>
> --
> Miroslav Stampar
> http://about.me/stamparm

--
Miroslav Stampar
http://about.me/stamparm
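Seen from the defending side, the thread's point is that PostgreSQL accepts both call syntaxes interchangeably, so a log or filter rule keyed only on the comma form misses the other. The following is an added example, not part of the original thread or of sqlmap; the function names are hypothetical and the request lines are constructed.

```python
import re
from urllib.parse import unquote_plus

# Comma form: substr(expr, N, M) or substring(expr, N, M)
COMMA_FORM = re.compile(
    r"\bsubstr(?:ing)?\s*\(.+?,\s*\d+\s*,\s*\d+\s*\)", re.I | re.S)
# Keyword form: substring(expr from N for M), which contains no commas
KEYWORD_FORM = re.compile(
    r"\bsubstring\s*\(.+?\bfrom\s+\d+\s+for\s+\d+\s*\)", re.I | re.S)


def classify(request_line):
    """Return 'comma', 'keyword' or None for one raw access-log request line."""
    decoded = unquote_plus(request_line)  # rules must see the decoded text
    if KEYWORD_FORM.search(decoded):
        return "keyword"
    if COMMA_FORM.search(decoded):
        return "comma"
    return None


def scan(lines):
    """Return (line_number, form) for every line matching either syntax."""
    hits = []
    for number, line in enumerate(lines, start=1):
        form = classify(line)
        if form:
            hits.append((number, form))
    return hits


# Constructed sample request lines (not taken from the thread).
SAMPLE_LOG = [
    "GET /item?id=1 HTTP/1.1",
    "GET /item?id=1%20AND%20ascii(substr(version(),1,1))%3E64 HTTP/1.1",
    "GET /item?id=1%20AND%20ascii(substring(version()%20from%202%20for%201))%3E64 HTTP/1.1",
    "GET /search?q=substring+of+a+string HTTP/1.1",
    "GET /list?ids=1,2,3 HTTP/1.1",
]

if __name__ == "__main__":
    for number, form in scan(SAMPLE_LOG):
        print(f"line {number}: {form} form")
```
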