Re: [sqlmap-users] Optimizing LIMIT 1 UNIONable injections

2017-08-15 Thread Brandon Perry
> On Aug 15, 2017, at 8:21 PM, Miroslav Stampar wrote:
>
> Hi.
>
> sqlmap either does the full dump (FULL UNION case) or one row at a time (PARTIAL UNION case - e.g. single row of result). There is no "let's dump N rows per request" - this is really not possible to do in a simple and g

Re: [sqlmap-users] Optimizing LIMIT 1 UNIONable injections

2017-08-15 Thread Miroslav Stampar
Hi. sqlmap either does the full dump (FULL UNION case) or one row at a time (PARTIAL UNION case - e.g. single row of result). There is no "let's dump N rows per request" - this is really not possible to do in a simple and generic way as targets tend to cut the results in the most exotic ways (e.g. fir

Re: [sqlmap-users] Optimizing LIMIT 1 UNIONable injections

2017-08-15 Thread Brandon Perry
Looking at some later requests, it appears that dumping a row from a table is performed this way (each column is concatenated together). So it looks like this kind of strategy is just not used consistently when limited to a single row. However, it could still chunk multiple rows into a single concat

[sqlmap-users] Optimizing LIMIT 1 UNIONable injections

2017-08-15 Thread Brandon Perry
Currently, it seems that sqlmap will use a payload such as the following if a UNIONable parameter is found that can only return one row in order for data to be exfil’ed. -16301 UNION ALL SELECT NULL,NULL,(SELECT CONCAT(0x71787a7871,IFNULL(CAST(schema_name AS CHAR),0x20),0x716a706271) FROM INFO