Re: [sqlmap-users] Listing databases says that it found 6, but only returns 1

Thu, 24 Nov 2011 10:57:29 -0800 

Hi.

Could you please send the traffic file made with --dbs --fresh-queries -t
traffic.txt?

Kind regards
On Nov 24, 2011 6:48 PM, "Jimmy Ramsmark" <j...@alcor.se> wrote:

> So I was doing an experiment at work today with sqlmap.
> sqlmap found the following injection:
>
> Type: UNION query
> Title: MySQL UNION query (NULL) - 11 to 20 columns
> Payload: http://localhost:80/-1616 UNION ALL SELECT NULL, NULL, NULL,
> NULL, NULL,
> CONCAT(CHAR(58,110,105,115,58),IFNULL(CAST(CHAR(122,81,104,83,72,98,108,107,112,107)
> AS CHAR),CHAR(32)),CHAR(58,115,100,101,58)), NULL, NULL, NULL, NULL, NULL,
> NULL, NULL, NULL#
>
> And when trying to list the databases, I get the following:
>
> [18:17:45] [INFO] fetching database names
> [18:17:47] [INFO] the SQL query used returns 6 entries
> available databases
> [1]:
> [*] information_schema
>
> But I can still query from the other 5 databases and reach all data by
> manually altering the injection query.
>
> Anyone have any idea what's up with that?
>
>
>
>
> ------------------------------------------------------------------------------
> All the data continuously generated in your IT infrastructure
> contains a definitive record of customers, application performance,
> security threats, fraudulent activity, and more. Splunk takes this
> data and makes sense of it. IT sense. And common sense.
> http://p.sf.net/sfu/splunk-novd2d
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>

------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure 
contains a definitive record of customers, application performance, 
security threats, fraudulent activity, and more. Splunk takes this 
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to