BTW I hope this doesn’t come across as it being a problem with sqlmap, I think
it is a problem with the local system’s mysql instance, just trying to figure
out why an RLIKE injection would allow enumeration of DATABASE() but not from
the users table. I figured I would ask this list if anyone el
Hi again.
I believe that we have a problem here. I am trying to reproduce your
"problem" and can't do it:
mysql> select * from users;
+----+------+---------+
| id | name | surname |
+----+------+---------+
| 1 | adm
"I only bring it up because sqlmap has no problem grabbing the database
with rlike but can't enumerate the values from the user table"
$ python sqlmap.py -u "http://192.168.223.129/sqlmap/mysql/get_int.php?id=1" \
--batch --test-filter="RLIKE" --dump -D testdb -T users
...
sqlmap identified the
Right, in the sql statement where I select 'a', the ord of this is not greater
than 112, and it fails as expected with parens not balanced.
The query below this that selects the first name from users should be
functionally equivalent to select 'a' as mid is used to select the first
character of
Hi.
Maybe I'm mistaken, but you are looking at this RLIKE wrong. Its function
here (in your case) is to PROVOKE errors on False, and that's exactly
what's going on here.
In case of True, RLIKE is called with perfectly valid 0x7474747474, while
in case of False it's called with erroneous regexp 0x28