Hi Gavin.
In your case, most probably 'information_schema' is missing, which is needed for
a successful out-of-box table enumeration on MySQL>=5.
Please update to the latest revision from our SVN repository and try
it again. Now, when information_schema is missing we offer an
automatic brute force checking of common table existence:
svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev
KR
On Wed, Dec 8, 2010 at 10:56 PM, Gavin Jones <gav...@gm...> wrote:
> Hi There,
>
> I was able to find a SQL injection issue on one of the parameters of
> the application that I am looking at and using sqlmap 0.8 I was able
> to extract some information from the MySQL back end such as the
> banner and the user information shown below:
>
> banner: '5.1.50'
> current user: 'dbadmin@localhost'
> current user is DBA: 'False'
>
> However when I tried to enumerate the tables in the DB sqlmap seemed
> to ignore the version returned by the banner that is cached in its
> session file and insisted that it was a MySQL 4 DBMS and then
> subsequently failed to enumerate the tables ....
>
> Should it be ignoring the version string returned by the banner to
> make these queries?
>
> Regards,
> Gavin
>
--
Miroslav Stampar
E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia