Re: [sqlmap-users] number of databases/tables problems

2014-09-25 Thread Miroslav Stampar
As Rodrigo stated correctly, you can use -C to specify column names manually. For forcing sqlmap to requery certain results you can use --fresh-queries. Bye p.s. thx for donation :) p.p.s. I am glad that you managed to use tamper scripts to bypass IPS/WAF On Sep 25, 2014 8:04 PM, "Rodrigo Zanatt

Re: [sqlmap-users] number of databases/tables problems

2014-09-25 Thread Rodrigo Zanatta Silva
well, about the column, it is possible, I think, use the > -D DB DBMS database to enumerate > -T TBL DBMS database table(s) to enumerate > -C COL DBMS database table column(s) to enumerate > -X EXCLUDECOL DBMS database table column(s) t

Re: [sqlmap-users] number of databases/tables problems

2014-09-25 Thread floyd
Hi Miroslav Thanks for your time and for sqlmap. I hope you got the donation :) By now I figured out what it was: an IPS. Had to --tamper=caseselect,charencode where caseselect is just a simple .replace("SELECT","sElEcT"). What a stupid IPS. Is there any way to correct errors that sqlmap is gett

Re: [sqlmap-users] number of databases/tables problems

2014-09-24 Thread Miroslav Stampar
Hi. This looks like a permission problem while reading system tables. That would explain why DB_NAME() works and everything else fails. Bye On Sep 23, 2014 4:27 PM, "floyd" wrote: > Hi everybody > > I'm doing a Pentest and I'm able to do a time based blind sql injection > on a very big database