Thread: [sqlmap-users] 32 results from database with 10, 000 rows! (id 90-99, 990-999, 9990-9999)

Brought to you by: inquisb

sqlmap-users

[sqlmap-users] 32 results from database with 10, 000 rows! (id 90-99, 990-999, 9990-9999)

From: Tom T. <k1...@li...> - 2011-04-24 18:05:42

When trying to dump a table containing over 10000 entries, only 32 results are returned (rows with id 8, 9, 90-99, 990-999, 9990-9999). All the other data is not dumped, and I can't understand why.
Can anyone explain this behaviour?
Obviously I'm pleased that my database does not appear to be completely exploitable, but I'm worried that I'm missing something simple, and that there is something a hacker could do to retreive the rest of the data...
Test subject is an MSSQL 2005 Database runing on Windows 2003.

Re: [sqlmap-users] 32 results from database with 10, 000 rows! (id 90-99, 990-999, 9990-9999)

From: Bernardo D. A. G. <ber...@gm...> - 2011-04-25 00:20:56

Hi Tom,

In order to better understand what is going on and track down a
possible bug, could you please provide us with the full output of your
sqlmap command with --flush-session -v3 --parse-errors --columns -T
<your_table_name> -D <your_db_name> -t traffic.log and send use the
traffic log file too? You can mask sensible information and send it
privately to me and Miroslav to debug if you prefer.

Thank you,
Bernardo

On 24 April 2011 18:53, Tom Thumb <k1...@li...> wrote:
> When trying to dump a table containing over 10000 entries, only 32 results
> are returned (rows with id 8, 9, 90-99, 990-999, 9990-9999). All the other
> data is not dumped, and I can't understand why.
> Can anyone explain this behaviour?
> Obviously I'm pleased that my database does not appear to be completely
> exploitable, but I'm worried that I'm missing something simple, and that
> there is something a hacker could do to retreive the rest of the data...
> Test subject is an MSSQL 2005 Database runing on Windows 2003.

-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F

Re: [sqlmap-users] 32 results from database with 10, 000 rows! (id 90-99, 990-999, 9990-9999)

From: Miroslav S. <mir...@gm...> - 2011-04-25 09:08:08

Hi Tom.

I believe i see the connection with our code. That number ranges have
the root in programs logic.

Will be fixed in a week.

After that hackers will be able to dump all :)

It's just strange that nobody has noticed this in some two weeks as
that's the time of affecting commit.

Kr
On Sunday, April 24, 2011, Tom Thumb <k1...@li...> wrote:
>
>
>
>
>
> When trying to dump a table containing over 10000 entries, only 32 results are returned (rows with id 8, 9, 90-99, 990-999, 9990-9999). All the other data is not dumped, and I can't understand why.
> Can anyone explain this behaviour?
> Obviously I'm pleased that my database does not appear to be completely exploitable, but I'm worried that I'm missing something simple, and that there is something a hacker could do to retreive the rest of the data...
> Test subject is an MSSQL 2005 Database runing on Windows 2003. 		 	   		
>

-- 
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B

Re: [sqlmap-users] 32 results from database with 10, 000 rows! (id 90-99, 990-999, 9990-9999)

From: Miroslav S. <mir...@gm...> - 2011-05-01 15:45:26

hi all.

it's strange that nobody has noticed this till now :)))

this bug was (in cases when the pivot column used was an integer
based) trimming/preventing dumping of entire table contents of some
DBMSes supported by sqlmap, like MSSQL, Sybase and MaxDB :)

thank you Tom very much for this report. thing is that we haven't
noticed it till this report because we use fairly small testing
tables.

now it should be fixed with the last commit

kr

On Mon, Apr 25, 2011 at 11:08 AM, Miroslav Stampar
<mir...@gm...> wrote:
> Hi Tom.
>
> I believe i see the connection with our code. That number ranges have
> the root in programs logic.
>
> Will be fixed in a week.
>
> After that hackers will be able to dump all :)
>
> It's just strange that nobody has noticed this in some two weeks as
> that's the time of affecting commit.
>
> Kr
> On Sunday, April 24, 2011, Tom Thumb <k1...@li...> wrote:
>>
>>
>>
>>
>>
>> When trying to dump a table containing over 10000 entries, only 32 results are returned (rows with id 8, 9, 90-99, 990-999, 9990-9999). All the other data is not dumped, and I can't understand why.
>> Can anyone explain this behaviour?
>> Obviously I'm pleased that my database does not appear to be completely exploitable, but I'm worried that I'm missing something simple, and that there is something a hacker could do to retreive the rest of the data...
>> Test subject is an MSSQL 2005 Database runing on Windows 2003.
>>
>
> --
> Miroslav Stampar
>
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B
>



-- 
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B

Re: [sqlmap-users] 32 results from database with 10, 000 rows! (id 90-99, 990-999, 9990-9999)

From: Tom T. <k1...@li...> - 2011-05-03 09:14:12

Excellent!

Confirmed fixed :)

> Date: Sun, 1 May 2011 17:45:19 +0200
> Subject: Re: [sqlmap-users] 32 results from database with 10, 000 rows! (id 90-99, 990-999, 9990-9999)
> From: mir...@gm...
> To: k1...@li...
> CC: sql...@li...
> 
> hi all.
> 
> it's strange that nobody has noticed this till now :)))
> 
> this bug was (in cases when the pivot column used was an integer
> based) trimming/preventing dumping of entire table contents of some
> DBMSes supported by sqlmap, like MSSQL, Sybase and MaxDB :)
> 
> thank you Tom very much for this report. thing is that we haven't
> noticed it till this report because we use fairly small testing
> tables.
> 
> now it should be fixed with the last commit
> 
> kr
> 
> On Mon, Apr 25, 2011 at 11:08 AM, Miroslav Stampar
> <mir...@gm...> wrote:
> > Hi Tom.
> >
> > I believe i see the connection with our code. That number ranges have
> > the root in programs logic.
> >
> > Will be fixed in a week.
> >
> > After that hackers will be able to dump all :)
> >
> > It's just strange that nobody has noticed this in some two weeks as
> > that's the time of affecting commit.
> >
> > Kr
> > On Sunday, April 24, 2011, Tom Thumb <k1...@li...> wrote:
> >>
> >>
> >>
> >>
> >>
> >> When trying to dump a table containing over 10000 entries, only 32 results are returned (rows with id 8, 9, 90-99, 990-999, 9990-9999). All the other data is not dumped, and I can't understand why.
> >> Can anyone explain this behaviour?
> >> Obviously I'm pleased that my database does not appear to be completely exploitable, but I'm worried that I'm missing something simple, and that there is something a hacker could do to retreive the rest of the data...
> >> Test subject is an MSSQL 2005 Database runing on Windows 2003.
> >>
> >
> > --
> > Miroslav Stampar
> >
> > E-mail: miroslav.stampar (at) gmail.com
> > PGP Key ID: 0xB5397B1B
> >
> 
> 
> 
> -- 
> Miroslav Stampar
> 
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B