On Wed, Nov 28, 2012 at 10:31 AM, Zaki Akhmad <zakiakh...@gmail.com> wrote:
> Hello,
>
> I found an SQL injection vulnerability. I want to know the database
> server IP address. From the fingerprint result, the database server is
> MySQL. How should I write the --sql-query so that I could retrieve the
> MySQL database server IP address? It's an n-tier web application.
>
> $ python sqlmap.py -u something --sql-query=""
>
> Just an idea: maybe it's possible to add a built-in SQL query function
> to retrieve the database server IP address whatever database is used
> (or am I the one who didn't know it?)
>
> Thanks,
>
If it's MySQL and according to [1], try:

$ python sqlmap.py -u something --sql-query="show variables where Variable_name = 'hostname'"

I am not 100% sure about the required permissions/escaping that might be
needed to achieve this via your injection point though...
--
Regards
Leon Jacobs
Sent using electronic mail ツ
[1] http://dev.mysql.com/doc/refman/5.1/en/show-variables.html