Re: [sqlmap-users] unable to fench password with sqlmap
Brought to you by:
inquisb
From: Miroslav S. <mir...@gm...> - 2014-04-30 18:07:43
|
--sql-shell is only an interface in sqlmap to run custom SQL queries. Bye On Apr 30, 2014 11:51 AM, "Sabin Ranjit" <thi...@gm...> wrote: > but how come i can prompt to sql-shell? > > thanks > > > On Tue, Apr 29, 2014 at 9:10 PM, Miroslav Stampar < > mir...@gm...> wrote: > >> As the error suggests, no sufficient privileges. Common mitigation. >> >> Bye >> On Apr 29, 2014 11:19 AM, "Sabin Ranjit" <thi...@gm...> wrote: >> >>> hi, >>> I have sql injection, i can get the current user with the --current-user >>> command but when i option for password then sqlmap couldnt do it. it says: >>> >>> [WARNING] in case of continuous data retrieval problems you are advised >>> to try a switch '--no-cast' or switch '--hex' >>> [05:13:51] [WARNING] unable to retrieve the number of password hashes >>> for user 'busroute' >>> [05:13:51] [ERROR] unable to retrieve the password hashes for the >>> database users (most probably because the session user has no read >>> privileges over the relevant system database table) >>> [05:13:51] [WARNING] HTTP error codes detected during run: >>> 500 (Internal Server Error) - 3 times >>> >>> Is this the usual way to mitigate the sqli risk. or this is the sqlmap >>> error that needs to be option in. >>> the used following command: >>> #sqlmap -u http://example.com/br/create?key=1 --dbms="MySQL" --risk=3 >>> level=3 -p key --current-user --password --technique=B >>> >>> thanks >>> >>> kind regards, >>> >>> > |