Hi
Lately I've been playing with sqlmap and a 4.0 mysql server. Sqlmap detected
the injection point just fine, but struggled with gathering information about
other tables.
I guess this happened due to the fact as subqueries have been introduced with
mysql >=4.1 (http://dev.mysql.com/doc/refman/4.1/en/news-4-1-x.html) and thus
payloads like the following are regarded as an invalid query on mysql <4.1:
[PAYLOAD] 1234 AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),CHAR(32)) FROM
randomtable),1,1)) > 51
Best Regards
Till
------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
