hi all. it's strange that nobody has noticed this till now :)))
this bug was (in cases when the pivot column used was an integer based) trimming/preventing dumping of entire table contents of some DBMSes supported by sqlmap, like MSSQL, Sybase and MaxDB :) thank you Tom very much for this report. thing is that we haven't noticed it till this report because we use fairly small testing tables. now it should be fixed with the last commit kr On Mon, Apr 25, 2011 at 11:08 AM, Miroslav Stampar <miroslav.stam...@gmail.com> wrote: > Hi Tom. > > I believe i see the connection with our code. That number ranges have > the root in programs logic. > > Will be fixed in a week. > > After that hackers will be able to dump all :) > > It's just strange that nobody has noticed this in some two weeks as > that's the time of affecting commit. > > Kr > On Sunday, April 24, 2011, Tom Thumb <k1...@live.co.uk> wrote: >> >> >> >> >> >> When trying to dump a table containing over 10000 entries, only 32 results >> are returned (rows with id 8, 9, 90-99, 990-999, 9990-9999). All the other >> data is not dumped, and I can't understand why. >> Can anyone explain this behaviour? >> Obviously I'm pleased that my database does not appear to be completely >> exploitable, but I'm worried that I'm missing something simple, and that >> there is something a hacker could do to retreive the rest of the data... >> Test subject is an MSSQL 2005 Database runing on Windows 2003. >> > > -- > Miroslav Stampar > > E-mail: miroslav.stampar (at) gmail.com > PGP Key ID: 0xB5397B1B > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B ------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
