Hi Kyle,
On Sat, Oct 3, 2009 at 19:42, Kyle Anderson <ky...@xk...> wrote:
> So it seems that you cannot do a --dump-all on a mysql 4 server
> because information_schema is not available.
It's not a lack of sqlmap.
By design all versions of MySQL < 5.0 do not have information_schema
so, as far as I know, no way to automatically identify tables and
columns within a database.
> But can't I just do a "show databases;" in a sql shell? I tried but I
> can't seem to get the sql-shell to work (probably because it says I'm
> not a DBA)
The --sql-shell functionality does not work exactly like a direct
connection with the MySQL console. Statements like show can not be
supported (easily) within a SQL injection scenario.
On MySQL < 5.0 it is still possible to enumerate the databases via
'mysql' system database's 'db' table and sqlmap does it for you if you
specificy --dbs and it fingerprint an old version of MySQL. If it does
not, then there's a bug, please report it.
Cheers,
--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F
|