Hi Henry,

On 3 July 2012 01:01, Henry Waves <microw...@gmx.us> wrote:
> I've met dozens of practical cases when --dbs switch becomes useless
> with --dbms=mssql (can't say precisely, but maybe <2008 versions). The
> only workaround that proved useful is retrieval of db_name(i++) using
> --sql-shell while other standard techniques were totally useless.

We have been notified already that there might be a bug with --dbs and
--tables on MSSQL (particularly version 2008). We will look closely in
the upcoming weeks into reproducing this bug, if any, across all MSSQL
versions. I have opened issue #55[1] for the time being and will keep
you posted there with comments.

> Another reason I decided to compose this miserable letter is that I
> would like to see debug information on how the page is being parsed in order
> to determine exact string or regexp or whatever sqlmap uses to pick up
> context output or to determine the boolean value for positive logical
> answer.

If you run sqlmap with -v 3, not only do you see all injected SQLi
payloads but, following detection, it also shows you the exact vector
used to identify the vulnerable and exploitable SQLi technique.

> Uploading specific files for mssql would be great too, because
> currently I choose other commercial products which are ugly, heavy,
> gui and windows only in order to execute os commands (that thing
> appeared to be broken in almost every semi-complicated case while it worked
> fine on some fucking retarded pangolin\webcruiser\etc. tools) or
> upload something over designed and accessible routines of ms sql in
> certain cases. Maybe I'm missing some concepts, but the first thing
> I've mentioned above deserves your attention for sure. Thanks :*

We have got support to interact with the underlying file system since
2009. Relevant switches are --file-read, --file-write and --file-dest.
--tmp-path might also be of use here, check the user's manual for
details and examples.
I am not aware at the moment of any bug related to these switches, but
please go ahead and open an issue[2] with details to reproduce the
bug, if any. I have recently retested all these switches across all
three supported DBMS (MSSQL, PgSQL and MySQL) and they all worked
fine.

[1] https://github.com/sqlmapproject/sqlmap/issues/55
[2] https://github.com/sqlmapproject/sqlmap/issues/new


-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
