Re: [sqlmap-users] unable to fench password with sqlmap

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

--sql-shell is only an interface in sqlmap to run custom SQL queries.

Bye
On Apr 30, 2014 11:51 AM, "Sabin Ranjit" <thi...@gm...> wrote:

> but how come i can prompt to sql-shell?
>
> thanks
>
>
> On Tue, Apr 29, 2014 at 9:10 PM, Miroslav Stampar <
> mir...@gm...> wrote:
>
>> As the error suggests, no sufficient privileges. Common mitigation.
>>
>> Bye
>> On Apr 29, 2014 11:19 AM, "Sabin Ranjit" <thi...@gm...> wrote:
>>
>>> hi,
>>> I have sql injection, i can get the current user with the --current-user
>>> command but when i option for password then sqlmap couldnt do it. it says:
>>>
>>> [WARNING] in case of continuous data retrieval problems you are advised
>>> to try a switch '--no-cast' or switch '--hex'
>>> [05:13:51] [WARNING] unable to retrieve the number of password hashes
>>> for user 'busroute'
>>> [05:13:51] [ERROR] unable to retrieve the password hashes for the
>>> database users (most probably because the session user has no read
>>> privileges over the relevant system database table)
>>> [05:13:51] [WARNING] HTTP error codes detected during run:
>>> 500 (Internal Server Error) - 3 times
>>>
>>> Is this the usual way to mitigate the sqli risk. or this is the sqlmap
>>> error that needs to be option in.
>>> the used following command:
>>> #sqlmap -u http://example.com/br/create?key=1 --dbms="MySQL" --risk=3
>>> level=3 -p key --current-user --password --technique=B
>>>
>>> thanks
>>>
>>> kind regards,
>>>
>>>
>