Hi Daniel.
If sqlmap is not able to detect stacked queries (like in your case), then
it won't be able to use/exploit those commands from --sql-shell. Pretty
simple.
Just take a look into your list of "sqlmap identified the following
injection points..." for that same target and if there are thing
Hi Miroslav, Bernardo, list members,
As far as I know (please correct me if I'm wrong), reading a couple of
times Bernardo Damele's Advanced SQL Injection whitepaper, stacked
queries could be executed via Blind and MySQL with ASP.NET, but sqlmap
shows me via sql-shell:
web server operating system: Wind
Hi Devon
With the latest commit (r5077) you won't be asked any more for that "you've
probably...tainted..." in "multiple target mode".
That simply means that check will be only conducted if user has explicitly
used -u parameter and not in those more advanced modes (-g, -m,...)
Kind regards,
Miro
Hello,
I encountered a situation where --batch ended up prematurely ending a scan of a
website. The reason is because there was an invalid link on the site's HTML
document, that confused sqlmap into exiting. Here's the output which I think
should explain it better:
root@apj351:~# ./sqlmap.py
hi ryan.
short answer is permissions (most often file write ones)
long answer is:
1) --os-shell/--os-cmd/--os-pwn (STACKED INJECTION CASE)
A) for MYSQL (rare in real life), PGSQL current DBMS user has to have
UDF create/exec permissions
B) MSSQL current DBMS user has to be able to run
master.db
what are the actual requirements for --os-cmd/shell/pwn ? I'm trying to
figure out how they work specifically. As far as I can tell you just need
write access to a folder in the web root. Is this true? Is there a way to
check your filesystem privileges?
Hello, Miroslav!
On Wed, 2011-08-10 at 10:48 +0200, Miroslav Stampar wrote:
> Hi Vladimir.
>
> Thank you for your report. We'll do something about it. In the mean
> time you can experiment with --technique (other than U) or
> --start/--stop.
>
> If there is no alternative please contact me priva
Hi Vladimir.
Thank you for your report. We'll do something about it. In the mean time you
can experiment with --technique (other than U) or --start/--stop.
If there is no alternative please contact me privately and I'll make you a
temporary patch.
That idea with end char is great. We'll try to u
Hello!
Consider following example of vulnerability.
Server has PHP and MySQL 5.X. URL
http://example.com/list.php?filter=text outputs list of items that match
filter and is vulnerable to following SQL injection:
http://example.com/list.php?filter=' UNION SELECT 1,2,3 --
This will show one row
hi nightman.
sorry. we were aware of this thing but haven't "patched" the problem
for error and union techniques - until this moment.
i believe that the last commit should fix further problems related.
kr
On Fri, Apr 15, 2011 at 4:03 PM, wrote:
> Hi,
>
> I have a Problem when i dumped a DB, f
Hi, I have a problem when I dumped a DB, from time to time sqlmap lost the connection to the target, but sqlmap does not write the data already received into a CSV. Why? greetz Nightman