Re: [sqlmap-users] 32 results from database with 10, 000 rows! (id 90-99, 990-999, 9990-9999)

Tue, 03 May 2011 02:14:24 -0700 

Excellent!

Confirmed fixed :)

> Date: Sun, 1 May 2011 17:45:19 +0200
> Subject: Re: [sqlmap-users] 32 results from database with 10, 000 rows! (id 
> 90-99, 990-999, 9990-9999)
> From: miroslav.stam...@gmail.com
> To: k1...@live.co.uk
> CC: sqlmap-users@lists.sourceforge.net
> 
> hi all.
> 
> it's strange that nobody has noticed this till now :)))
> 
> this bug was (in cases when the pivot column used was an integer
> based) trimming/preventing dumping of entire table contents of some
> DBMSes supported by sqlmap, like MSSQL, Sybase and MaxDB :)
> 
> thank you Tom very much for this report. thing is that we haven't
> noticed it till this report because we use fairly small testing
> tables.
> 
> now it should be fixed with the last commit
> 
> kr
> 
> On Mon, Apr 25, 2011 at 11:08 AM, Miroslav Stampar
> <miroslav.stam...@gmail.com> wrote:
> > Hi Tom.
> >
> > I believe i see the connection with our code. That number ranges have
> > the root in programs logic.
> >
> > Will be fixed in a week.
> >
> > After that hackers will be able to dump all :)
> >
> > It's just strange that nobody has noticed this in some two weeks as
> > that's the time of affecting commit.
> >
> > Kr
> > On Sunday, April 24, 2011, Tom Thumb <k1...@live.co.uk> wrote:
> >>
> >>
> >>
> >>
> >>
> >> When trying to dump a table containing over 10000 entries, only 32 results 
> >> are returned (rows with id 8, 9, 90-99, 990-999, 9990-9999). All the other 
> >> data is not dumped, and I can't understand why.
> >> Can anyone explain this behaviour?
> >> Obviously I'm pleased that my database does not appear to be completely 
> >> exploitable, but I'm worried that I'm missing something simple, and that 
> >> there is something a hacker could do to retreive the rest of the data...
> >> Test subject is an MSSQL 2005 Database runing on Windows 2003.
> >>
> >
> > --
> > Miroslav Stampar
> >
> > E-mail: miroslav.stampar (at) gmail.com
> > PGP Key ID: 0xB5397B1B
> >
> 
> 
> 
> -- 
> Miroslav Stampar
> 
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B
                                          
------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network 
management toolset available today.  Delivers lowest initial 
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to