On Wed, Nov 28, 2012 at 3:39 PM, Leon Jacobs <leonja...@gmail.com> wrote:
> If its MySQL and according to [1], try: > > $ python sqlmap.py -u something --sql-query="show variables where > Variable_name = 'hostname'" > > I am not 100% sure about the required permissions/escaping that might be > needed to achieve this via your injection point though... Here's the result: Is it not possible from the injection point? Or are there any other sql-query? back-end DBMS: MySQL 5.0 [15:43:37] [INFO] fetching SQL SELECT statement query output: 'show variables where Variable_name = 'hostname'' [15:43:37] [WARNING] reflective value(s) found and filtering out [15:43:37] [INFO] resumed: None show variables where Variable_name = 'hostname': 'None' -- Zaki Akhmad ------------------------------------------------------------------------------ Keep yourself connected to Go Parallel: INSIGHTS What's next for parallel hardware, programming and related areas? Interviews and blogs by thought leaders keep you ahead of the curve. http://goparallel.sourceforge.net _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users