[sqlmap-users] exploiting mysql 3.x
From: R W <rw8...@gm...> - 2014-10-18 22:30:59
Hi all,

Just looking for any tips on exploiting MySQL 3.x with sqlmap. It's a pretty standard injection, but the best I've been able to do is extract the database name with sqlmap. I'm using the B technique, have tried --hex, --no-cast, etc., but none of the functions sqlmap is using exist in MySQL 3.x, e.g. union, cast, convert, so I'm reduced to manual exploitation with scripts and mid(), char(), etc. No big deal, just wondering if there's a quick way to get a bit further with sqlmap before I go back to manual exploitation through Burp.

Thanks