Hi Till,

Is the injection point only boolean? No UNION? No error-based? Try to
increase the value of --level. Can you enumerate the -b? A run with -t
traffic.log and inspection of the log file afterwards would be
helpful.
I reckon I've only detected a SQL injection in MySQL < 4.1 a long time
ago and as far as I remember it worked with sqlmap, but I might be
wrong.

Bernardo


On 12 July 2011 12:01, Till .ch <till...@hotmail.com> wrote:
> Hi
>
>
> Lately I've been playing with sqlmap and a 4.0 mysql server. Sqlmap detected
> the injection point just fine, but struggled with gathering information
> about other tables.
> I guess this happened due to the fact that subqueries have been introduced
> with mysql >=4.1 (http://dev.mysql.com/doc/refman/4.1/en/news-4-1-x.html)
> and thus payloads like the following are regarded as an invalid query on
> mysql <4.1:
>
>
> [PAYLOAD] 1234 AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),CHAR(32))
> FROM randomtable),1,1)) > 51
>
>
> Best Regards
> Till
>
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>



-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: Unavailable
